From 1f2744825f1180648736506a0ff957bc615713c7 Mon Sep 17 00:00:00 2001
From: hao <hao@users.noreply.git.hk.hao.work>
Date: Tue, 17 Mar 2026 00:07:51 -0700
Subject: [PATCH] lab: automated intel and verification sync
 codex/intel-20260317-000751

---
 01-sql-injection/tools/sqli-exploit.go        |  10 +-
 02-xss/exploitation/README.md                 |   8 +-
 02-xss/payloads/README.md                     |   8 +-
 .../bruteforce/exploitation/README.md         |   8 +-
 .../bruteforce/wordlists/README.md            |   8 +-
 03-authentication/jwt/exploitation/README.md  |   8 +-
 .../session/exploitation/README.md            |   8 +-
 04-server-security/nmap-scripts/README.md     |   8 +-
 .../compose/compose.yaml                      |   8 ++
 .../gitea-livecheck-20260316/report.html      |  41 ++++++
 .../gitea-livecheck-20260316/report.md        |  55 ++++++++
 .../gitea-livecheck-20260316/run.json         |  95 +++++++++++++
 .../gitea-livecheck-20260316/timeline.mmd     |   9 ++
 07-framework-security/cms/directus/INDEX.md   |   2 +-
 07-framework-security/cms/discourse/INDEX.md  |   2 +-
 07-framework-security/cms/drupal/INDEX.md     |   2 +-
 07-framework-security/cms/ghost/INDEX.md      |   2 +-
 07-framework-security/cms/joomla/INDEX.md     |   2 +-
 07-framework-security/cms/mediawiki/INDEX.md  |   2 +-
 07-framework-security/cms/moodle/INDEX.md     |   2 +-
 07-framework-security/cms/strapi/INDEX.md     |   2 +-
 07-framework-security/cms/wordpress/INDEX.md  |   2 +-
 .../ecommerce/adobe-commerce/INDEX.md         |   2 +-
 .../ecommerce/magento-open-source/INDEX.md    |   2 +-
 .../ecommerce/medusa/INDEX.md                 |   2 +-
 .../ecommerce/opencart/INDEX.md               |   2 +-
 .../ecommerce/openmage/INDEX.md               |   2 +-
 .../ecommerce/prestashop/INDEX.md             |   2 +-
 .../ecommerce/saleor/INDEX.md                 |   2 +-
 .../ecommerce/shopware/INDEX.md               |   2 +-
 .../ecommerce/woocommerce/INDEX.md            |   2 +-
 .../frameworks/angular/INDEX.md               |   2 +-
 .../frameworks/aspnet-core/INDEX.md           |   2 +-
 .../frameworks/astro/INDEX.md                 |   2 +-
 .../frameworks/django/INDEX.md                |   2 +-
 .../frameworks/echo/INDEX.md                  |   2 +-
 .../frameworks/esbuild/INDEX.md               |   2 +-
 .../frameworks/express/INDEX.md               |   2 +-
 .../frameworks/fastify/INDEX.md               |   2 +-
 .../frameworks/flask/INDEX.md                 |   2 +-
 07-framework-security/frameworks/gin/INDEX.md |   2 +-
 .../frameworks/hapi/INDEX.md                  |   2 +-
 07-framework-security/frameworks/koa/INDEX.md |   2 +-
 .../frameworks/laravel/INDEX.md               |   2 +-
 .../frameworks/nestjs/INDEX.md                |   2 +-
 .../frameworks/nextjs/INDEX.md                |   2 +-
 .../frameworks/nodejs/INDEX.md                |   2 +-
 .../frameworks/nuxt/INDEX.md                  |   2 +-
 .../frameworks/rails/INDEX.md                 |   2 +-
 .../frameworks/react/INDEX.md                 |   2 +-
 .../frameworks/spring-boot/INDEX.md           |   2 +-
 .../frameworks/spring-framework/INDEX.md      |   2 +-
 .../frameworks/spring-security/INDEX.md       |   2 +-
 .../frameworks/sveltekit/INDEX.md             |   2 +-
 .../frameworks/symfony/INDEX.md               |   2 +-
 .../frameworks/undici/INDEX.md                |   2 +-
 .../frameworks/vite/INDEX.md                  |   2 +-
 07-framework-security/frameworks/vue/INDEX.md |   2 +-
 .../frameworks/webpack/INDEX.md               |   2 +-
 .../frameworks/werkzeug/INDEX.md              |   2 +-
 .../platforms/adminer/INDEX.md                |   2 +-
 .../platforms/gitea/INDEX.md                  |   2 +-
 .../gitea/cases/gitea-cve-2025-68939.md       |   6 +-
 .../platforms/gitlab-ce/INDEX.md              |   2 +-
 .../platforms/grafana/INDEX.md                |   2 +-
 .../platforms/jenkins/INDEX.md                |   2 +-
 .../platforms/kibana/INDEX.md                 |   2 +-
 .../platforms/mattermost/INDEX.md             |   2 +-
 .../platforms/phpmyadmin/INDEX.md             |   2 +-
 .../platforms/redmine/INDEX.md                |   2 +-
 .../servers/apache-httpd/INDEX.md             |   2 +-
 .../servers/apache-tomcat/INDEX.md            |   2 +-
 07-framework-security/servers/caddy/INDEX.md  |   2 +-
 .../servers/haproxy/INDEX.md                  |   2 +-
 07-framework-security/servers/nginx/INDEX.md  |   2 +-
 .../servers/traefik/INDEX.md                  |   2 +-
 .../generated/dashboard/index.html            |  71 ++++++++--
 08-threat-intel/generated/dashboard/runs.json | 132 +++++++++++++++++-
 ...gitea-gitea--CVE-2025-68939-20260317063330 |   1 +
 .../dashboard/runs/gitea-livecheck-20260316   |   1 +
 ...xtjs-nextjs--CVE-2025-29927-20260317063047 |   1 +
 .../generated/dashboard/summary.json          | 131 +++++++++--------
 .../generated/dashboard/systems.json          |  50 +++++++
 08-threat-intel/generated/latest-ingest.md    |   2 +-
 08-threat-intel/generated/run-summary.json    |   2 +-
 .../advisories/gitea--CVE-2025-68939.json     |   6 +-
 .../runs/gitea-livecheck-20260316.json        |  95 +++++++++++++
 scripts/lab/render.py                         |   7 +-
 88 files changed, 733 insertions(+), 170 deletions(-)
 create mode 100644 06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml
 create mode 100644 06-case-studies/generated-runs/gitea-livecheck-20260316/report.html
 create mode 100644 06-case-studies/generated-runs/gitea-livecheck-20260316/report.md
 create mode 100644 06-case-studies/generated-runs/gitea-livecheck-20260316/run.json
 create mode 100644 06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd
 create mode 120000 08-threat-intel/generated/dashboard/runs/gitea-gitea--CVE-2025-68939-20260317063330
 create mode 120000 08-threat-intel/generated/dashboard/runs/gitea-livecheck-20260316
 create mode 120000 08-threat-intel/generated/dashboard/runs/nextjs-nextjs--CVE-2025-29927-20260317063047
 create mode 100644 08-threat-intel/generated/dashboard/systems.json
 create mode 100644 08-threat-intel/registry/runs/gitea-livecheck-20260316.json

diff --git a/01-sql-injection/tools/sqli-exploit.go b/01-sql-injection/tools/sqli-exploit.go
index 05e4448a..fdd43ad8 100644
--- a/01-sql-injection/tools/sqli-exploit.go
+++ b/01-sql-injection/tools/sqli-exploit.go
@@ -164,11 +164,11 @@ func (s *SQLiExploit) TestErrorBased(payloads []struct {
 			continue
 		}
 
-        for dbms := range errorPatterns {
-            if strings.Contains(body, "SQL") || strings.Contains(body, "error") ||
-                strings.Contains(body, "Error") || strings.Contains(body, "Warning") {
-                results = append(results, InjectionResult{
-                    Payload:     p.Payload,
+		for dbms := range errorPatterns {
+			if strings.Contains(body, "SQL") || strings.Contains(body, "error") ||
+				strings.Contains(body, "Error") || strings.Contains(body, "Warning") {
+				results = append(results, InjectionResult{
+					Payload:     p.Payload,
 					VulnType:    "Error-based",
 					DBMS:        dbms,
 					ResponseLen: respLen,
diff --git a/02-xss/exploitation/README.md b/02-xss/exploitation/README.md
index 9112632f..2aea3f75 100644
--- a/02-xss/exploitation/README.md
+++ b/02-xss/exploitation/README.md
@@ -1,5 +1,9 @@
 # XSS 利用实验
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录预留给受控环境中的最小化利用演示、上下文差异说明和复现脚本。当前仅保留占位，避免误报为已完工。
+该目录用于记录受控环境中的最小化利用演示、上下文差异说明和浏览器回放要求。
+
+- 默认模式: `minimal-proof`
+- 证据要求: 截图、DOM 快照、console、network、关键元素文本
+- 关联入口: [scripts/lab/main.py](/Users/x/websafe/scripts/lab/main.py), [generated-runs](/Users/x/websafe/06-case-studies/generated-runs)
diff --git a/02-xss/payloads/README.md b/02-xss/payloads/README.md
index 315076e2..a3194fa8 100644
--- a/02-xss/payloads/README.md
+++ b/02-xss/payloads/README.md
@@ -1,5 +1,9 @@
 # XSS Payload 集合
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录后续用于保存按上下文分类的实验 payload。正式补齐前，统一以工具内建 payload 和案例文档为准。
+该目录用于记录按上下文分类的实验 payload 约束，而不是堆放面向未知站点的泛化攻击载荷。
+
+- 来源: 以 [xss-fuzzer.py](/Users/x/websafe/02-xss/tools/xss-fuzzer.py) 和 [xss-scanner.go](/Users/x/websafe/02-xss/tools/xss-scanner.go) 的内建 payload 为准
+- 语境: HTML、属性、DOM sink、编码绕过、CSP/Trusted Types 对照实验
+- 不适用: 面向未授权第三方目标的通用 payload 清单传播
diff --git a/03-authentication/bruteforce/exploitation/README.md b/03-authentication/bruteforce/exploitation/README.md
index 6e685cdf..9159d1e2 100644
--- a/03-authentication/bruteforce/exploitation/README.md
+++ b/03-authentication/bruteforce/exploitation/README.md
@@ -1,5 +1,9 @@
 # 暴力破解利用说明
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录预留给登录流程、锁定策略和验证码绕过的实验说明，强调最小化验证而非账户接管。
+该目录用于记录登录流程、锁定策略和验证码前置控制面的实验说明，强调最小化验证而非账户接管。
+
+- 默认目标: 本地种子账号或授权演示账户
+- 默认方式: 小样本、低频、可审计请求
+- 工具入口: [web-brute.py](/Users/x/websafe/03-authentication/bruteforce/tools/web-brute.py)
diff --git a/03-authentication/bruteforce/wordlists/README.md b/03-authentication/bruteforce/wordlists/README.md
index 067fd4c5..2e370967 100644
--- a/03-authentication/bruteforce/wordlists/README.md
+++ b/03-authentication/bruteforce/wordlists/README.md
@@ -1,5 +1,9 @@
 # 字典文件说明
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录后续仅用于小规模、可审计的实验字典，不存放来自真实用户或泄露数据的口令集合。
+该目录仅用于小规模、可审计的实验字典。
+
+- 仅允许: 本地种子账号、演示密码、可回滚测试账户
+- 禁止: 真实用户密码、泄露口令库、撞库语料
+- 默认执行器: [web-brute.py](/Users/x/websafe/03-authentication/bruteforce/tools/web-brute.py)
diff --git a/03-authentication/jwt/exploitation/README.md b/03-authentication/jwt/exploitation/README.md
index 527341cf..c7709ef6 100644
--- a/03-authentication/jwt/exploitation/README.md
+++ b/03-authentication/jwt/exploitation/README.md
@@ -1,5 +1,9 @@
 # JWT 利用实验
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录预留给弱密钥、算法降级和 kid 注入的实验复盘，目标是验证控制面，而不是伪造真实第三方令牌。
+该目录用于弱密钥、算法降级和 `kid` 注入的实验复盘，目标是验证控制面，而不是伪造真实第三方令牌。
+
+- 默认工具: [jwt-cracker.py](/Users/x/websafe/03-authentication/jwt/tools/jwt-cracker.py)
+- 输出约束: 不暴露真实明文密钥或第三方真实令牌内容
+- 关联修复: `token-cookie-storage`, `authz-server-side-recheck`
diff --git a/03-authentication/session/exploitation/README.md b/03-authentication/session/exploitation/README.md
index f22c3ad7..8d4e9696 100644
--- a/03-authentication/session/exploitation/README.md
+++ b/03-authentication/session/exploitation/README.md
@@ -1,5 +1,9 @@
 # 会话利用实验
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录后续用于会话固定、Cookie 属性和登出失效对照实验。
+该目录用于会话固定、Cookie 属性、登出失效和 Token 轮换的最小化验证说明。
+
+- 默认工具: [session-lab.py](/Users/x/websafe/03-authentication/session/tools/session-lab.py)
+- 证据: Set-Cookie 属性、Storage 痕迹、可疑代理头、run bundle 链路
+- 不适用: 真实账户会话劫持或第三方令牌伪造
diff --git a/04-server-security/nmap-scripts/README.md b/04-server-security/nmap-scripts/README.md
index b5f7d6bf..18aff658 100644
--- a/04-server-security/nmap-scripts/README.md
+++ b/04-server-security/nmap-scripts/README.md
@@ -1,5 +1,9 @@
 # Nmap 脚本目录
 
-> `LAB NOTE` | `规划中`
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
 
-该目录预留给授权实验环境中的 NSE 脚本示例。当前不放置通用对外枚举脚本。
+该目录用于授权实验环境中的 NSE 脚本说明与约束。
+
+- 当前主入口仍是 [port-scanner.py](/Users/x/websafe/04-server-security/scanning/tools/port-scanner.py)
+- 若补充 NSE 样例，只能绑定 `lab-local`、`lab-public`、`authorized-third-party`
+- 不放置通用对外枚举脚本或泛互联网扫描模版
diff --git a/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml b/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml
new file mode 100644
index 00000000..2cb0d9e3
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml
@@ -0,0 +1,8 @@
+services:
+  app:
+    image: gitea/gitea:1.22.6
+    ports:
+    - 18085:3000
+networks:
+  labnet:
+    driver: bridge
diff --git a/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html b/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html
new file mode 100644
index 00000000..5ded3c94
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html
@@ -0,0 +1,41 @@
+<!doctype html>
+<html><head><meta charset='utf-8'><title>websafe run report</title>
+<style>body{font-family:ui-sans-serif,system-ui,sans-serif;margin:2rem;line-height:1.55;background:#f8fafc;color:#0f172a;} code,pre{background:#e2e8f0;padding:.2rem .4rem;border-radius:.3rem;} pre{white-space:pre-wrap;} .grid{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:1rem;} .card{border:1px solid #cbd5e1;padding:1rem;border-radius:.75rem;background:#fff;} table{width:100%;border-collapse:collapse;background:#fff;border:1px solid #cbd5e1;border-radius:.75rem;overflow:hidden;} th,td{padding:.75rem;border-bottom:1px solid #e2e8f0;text-align:left;vertical-align:top;} img{max-width:100%;border:1px solid #cbd5e1;border-radius:.5rem;} .gallery{display:grid;grid-template-columns:repeat(auto-fit,minmax(320px,1fr));gap:1rem;}</style>
+</head><body>
+<h1>Run gitea-livecheck-20260316</h1>
+<div class='grid'>
+<div class='card'><strong>Advisory</strong><br><code>gitea--CVE-2025-68939</code></div>
+<div class='card'><strong>Status</strong><br><code>blocked-artifact</code></div>
+<div class='card'><strong>Profile</strong><br><code>file-upload-generic</code></div>
+<div class='card'><strong>Artifact Mode</strong><br><code>official-image</code></div>
+</div>
+<h2>Mermaid Timeline</h2>
+<pre>flowchart LR
+A[&quot;Select Advisory&quot;] --&gt; B[&quot;Resolve Repro Profile&quot;]
+B --&gt; C[&quot;Provision Compose Environment&quot;]
+C --&gt; D[&quot;Baseline Snapshot&quot;]
+D --&gt; E[&quot;Controlled Attack Steps&quot;]
+E --&gt; F[&quot;Browser Replay&quot;]
+F --&gt; G[&quot;Collect Logs and Evidence&quot;]
+G --&gt; H[&quot;Update Registry and Reports&quot;]
+H --&gt; I[&quot;Blocked: unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to &quot;]</pre>
+<h2>Timeline</h2>
+<table><thead><tr><th>Time</th><th>Step</th><th>Status</th><th>Detail</th></tr></thead><tbody>
+<tr><td><code>2026-03-17T07:02:55+00:00</code></td><td><code>select-advisory</code></td><td><code>completed</code></td><td>gitea--CVE-2025-68939</td></tr>
+<tr><td><code>2026-03-17T07:02:55+00:00</code></td><td><code>resolve-repro-profile</code></td><td><code>completed</code></td><td>file-upload-generic</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>provision-compose-environment</code></td><td><code>blocked-artifact</code></td><td>unable to get image &#x27;gitea/gitea:1.22.6&#x27;: Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>baseline-snapshot</code></td><td><code>skipped</code></td><td>no baseline urls or provisioning blocked</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>browser-replay-before-attack</code></td><td><code>skipped</code></td><td>baseline browser capture unavailable</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>controlled-attack-chain</code></td><td><code>skipped</code></td><td>provisioning blocked</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>browser-replay-after-attack</code></td><td><code>skipped</code></td><td>proof browser capture unavailable</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>collect-logs-and-evidence</code></td><td><code>skipped</code></td><td>container_logs=0</td></tr>
+<tr><td><code>2026-03-17T07:02:56+00:00</code></td><td><code>update-registry-and-reports</code></td><td><code>completed</code></td><td>gitea-livecheck-20260316</td></tr>
+</tbody></table>
+<h2>Attack Steps</h2>
+<table><thead><tr><th>Tool</th><th>Status</th><th>Output</th></tr></thead><tbody>
+<tr><td><code>-</code></td><td><code>skipped</code></td><td><code>no attack steps</code></td></tr>
+</tbody></table>
+<h2>Evidence</h2><ul>
+<li><code>compose/compose.yaml</code></li>
+</ul>
+</body></html>
diff --git a/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md b/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md
new file mode 100644
index 00000000..e2568ec5
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md
@@ -0,0 +1,55 @@
+# Run gitea-livecheck-20260316
+
+> `LAB ONLY` | `AUTHORIZED TARGETS ONLY` | 自动生成 run bundle
+
+- Advisory: `gitea--CVE-2025-68939`
+- 系统: `gitea`
+- Repro Profile: `file-upload-generic`
+- 实证状态: `blocked-artifact`
+- 实证方式: `real`
+- Artifact 模式: `official-image`
+- 启动时间: `2026-03-17T07:02:55+00:00`
+- 完成时间: `2026-03-17T07:02:56+00:00`
+- 阻塞原因: `unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?`
+- Compose 服务: `app`
+
+## 运行时间线
+
+- Mermaid: [timeline.mmd](/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd)
+
+| 时间 | 步骤 | 状态 | 说明 |
+|------|------|------|------|
+| `2026-03-17T07:02:55+00:00` | `select-advisory` | `completed` | gitea--CVE-2025-68939 |
+| `2026-03-17T07:02:55+00:00` | `resolve-repro-profile` | `completed` | file-upload-generic |
+| `2026-03-17T07:02:56+00:00` | `provision-compose-environment` | `blocked-artifact` | unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running? |
+| `2026-03-17T07:02:56+00:00` | `baseline-snapshot` | `skipped` | no baseline urls or provisioning blocked |
+| `2026-03-17T07:02:56+00:00` | `browser-replay-before-attack` | `skipped` | baseline browser capture unavailable |
+| `2026-03-17T07:02:56+00:00` | `controlled-attack-chain` | `skipped` | provisioning blocked |
+| `2026-03-17T07:02:56+00:00` | `browser-replay-after-attack` | `skipped` | proof browser capture unavailable |
+| `2026-03-17T07:02:56+00:00` | `collect-logs-and-evidence` | `skipped` | container_logs=0 |
+| `2026-03-17T07:02:56+00:00` | `update-registry-and-reports` | `completed` | gitea-livecheck-20260316 |
+
+## Compose 拓扑
+
+- Compose 文件: `/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml`
+- 服务列表: `app`
+
+## 攻击步骤
+
+| 工具/步骤 | 状态 | 结果 |
+|-----------|------|------|
+| `-` | `skipped` | `no attack steps` |
+
+## 证据摘要
+
+- Baseline: `0`
+- 攻击步骤: `0`
+- 浏览器证据: `0`
+- 容器日志: `0`
+- 请求日志: `0`
+
+## 最小化验证说明
+
+- 仅限自有资产、本地靶场或已授权实验目标。
+- 默认执行 minimal-proof；不会把破坏性或不可回滚动作作为默认路径。
+- 若浏览器证据缺失，前端类案例不会被标为 `verified-*`。
diff --git a/06-case-studies/generated-runs/gitea-livecheck-20260316/run.json b/06-case-studies/generated-runs/gitea-livecheck-20260316/run.json
new file mode 100644
index 00000000..ab3ec4ef
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-livecheck-20260316/run.json
@@ -0,0 +1,95 @@
+{
+  "run_id": "gitea-livecheck-20260316",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2025-68939",
+  "repro_profile_id": "file-upload-generic",
+  "verification_status": "blocked-artifact",
+  "verification_mode": "real",
+  "artifact_mode": "official-image",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [],
+  "attack_steps": [],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": true,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null
+  },
+  "container_log_refs": [],
+  "request_log_refs": [],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-17T07:02:55+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2025-68939"
+    },
+    {
+      "at": "2026-03-17T07:02:55+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "file-upload-generic"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "provision-compose-environment",
+      "status": "blocked-artifact",
+      "detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "baseline-snapshot",
+      "status": "skipped",
+      "detail": "no baseline urls or provisioning blocked"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "skipped",
+      "detail": "baseline browser capture unavailable"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "controlled-attack-chain",
+      "status": "skipped",
+      "detail": "provisioning blocked"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "skipped",
+      "detail": "proof browser capture unavailable"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "skipped",
+      "detail": "container_logs=0"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-livecheck-20260316"
+    }
+  ],
+  "started_at": "2026-03-17T07:02:55+00:00",
+  "finished_at": "2026-03-17T07:02:56+00:00",
+  "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
+  }
+}
diff --git a/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd b/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd
new file mode 100644
index 00000000..5b4e2b4b
--- /dev/null
+++ b/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd
@@ -0,0 +1,9 @@
+flowchart LR
+A["Select Advisory"] --> B["Resolve Repro Profile"]
+B --> C["Provision Compose Environment"]
+C --> D["Baseline Snapshot"]
+D --> E["Controlled Attack Steps"]
+E --> F["Browser Replay"]
+F --> G["Collect Logs and Evidence"]
+G --> H["Update Registry and Reports"]
+H --> I["Blocked: unable to get image 'gitea/gitea:1.22.6': Cannot connect to "]
diff --git a/07-framework-security/cms/directus/INDEX.md b/07-framework-security/cms/directus/INDEX.md
index a38bb488..8d5af873 100644
--- a/07-framework-security/cms/directus/INDEX.md
+++ b/07-framework-security/cms/directus/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/discourse/INDEX.md b/07-framework-security/cms/discourse/INDEX.md
index a4d0c3fe..80fa2d5b 100644
--- a/07-framework-security/cms/discourse/INDEX.md
+++ b/07-framework-security/cms/discourse/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/drupal/INDEX.md b/07-framework-security/cms/drupal/INDEX.md
index ef5243e2..ed821cc1 100644
--- a/07-framework-security/cms/drupal/INDEX.md
+++ b/07-framework-security/cms/drupal/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/ghost/INDEX.md b/07-framework-security/cms/ghost/INDEX.md
index ff932079..a10d492f 100644
--- a/07-framework-security/cms/ghost/INDEX.md
+++ b/07-framework-security/cms/ghost/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/joomla/INDEX.md b/07-framework-security/cms/joomla/INDEX.md
index 4d557d74..3e2d5ed4 100644
--- a/07-framework-security/cms/joomla/INDEX.md
+++ b/07-framework-security/cms/joomla/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/mediawiki/INDEX.md b/07-framework-security/cms/mediawiki/INDEX.md
index d58d6f46..e86778c4 100644
--- a/07-framework-security/cms/mediawiki/INDEX.md
+++ b/07-framework-security/cms/mediawiki/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/moodle/INDEX.md b/07-framework-security/cms/moodle/INDEX.md
index 6283b3a2..3bbc35a7 100644
--- a/07-framework-security/cms/moodle/INDEX.md
+++ b/07-framework-security/cms/moodle/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/strapi/INDEX.md b/07-framework-security/cms/strapi/INDEX.md
index 7a82ce75..1a9daada 100644
--- a/07-framework-security/cms/strapi/INDEX.md
+++ b/07-framework-security/cms/strapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/cms/wordpress/INDEX.md b/07-framework-security/cms/wordpress/INDEX.md
index 7c48475b..0f7da579 100644
--- a/07-framework-security/cms/wordpress/INDEX.md
+++ b/07-framework-security/cms/wordpress/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/adobe-commerce/INDEX.md b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
index 8edc6dab..b085be40 100644
--- a/07-framework-security/ecommerce/adobe-commerce/INDEX.md
+++ b/07-framework-security/ecommerce/adobe-commerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/magento-open-source/INDEX.md b/07-framework-security/ecommerce/magento-open-source/INDEX.md
index f4df6d71..f4dc9236 100644
--- a/07-framework-security/ecommerce/magento-open-source/INDEX.md
+++ b/07-framework-security/ecommerce/magento-open-source/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/medusa/INDEX.md b/07-framework-security/ecommerce/medusa/INDEX.md
index 3622bf91..fd7be24b 100644
--- a/07-framework-security/ecommerce/medusa/INDEX.md
+++ b/07-framework-security/ecommerce/medusa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/opencart/INDEX.md b/07-framework-security/ecommerce/opencart/INDEX.md
index aae98c45..48cfd031 100644
--- a/07-framework-security/ecommerce/opencart/INDEX.md
+++ b/07-framework-security/ecommerce/opencart/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/openmage/INDEX.md b/07-framework-security/ecommerce/openmage/INDEX.md
index 7d7eb23f..fc8c21db 100644
--- a/07-framework-security/ecommerce/openmage/INDEX.md
+++ b/07-framework-security/ecommerce/openmage/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/prestashop/INDEX.md b/07-framework-security/ecommerce/prestashop/INDEX.md
index 5c980182..f0586477 100644
--- a/07-framework-security/ecommerce/prestashop/INDEX.md
+++ b/07-framework-security/ecommerce/prestashop/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/saleor/INDEX.md b/07-framework-security/ecommerce/saleor/INDEX.md
index 314ece6c..4238c139 100644
--- a/07-framework-security/ecommerce/saleor/INDEX.md
+++ b/07-framework-security/ecommerce/saleor/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/shopware/INDEX.md b/07-framework-security/ecommerce/shopware/INDEX.md
index cedf6d6d..ef50c5de 100644
--- a/07-framework-security/ecommerce/shopware/INDEX.md
+++ b/07-framework-security/ecommerce/shopware/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/ecommerce/woocommerce/INDEX.md b/07-framework-security/ecommerce/woocommerce/INDEX.md
index 3ded7461..c61819b1 100644
--- a/07-framework-security/ecommerce/woocommerce/INDEX.md
+++ b/07-framework-security/ecommerce/woocommerce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/angular/INDEX.md b/07-framework-security/frameworks/angular/INDEX.md
index 6366eafb..07cce3d4 100644
--- a/07-framework-security/frameworks/angular/INDEX.md
+++ b/07-framework-security/frameworks/angular/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/aspnet-core/INDEX.md b/07-framework-security/frameworks/aspnet-core/INDEX.md
index 2a62cb36..6bc120c0 100644
--- a/07-framework-security/frameworks/aspnet-core/INDEX.md
+++ b/07-framework-security/frameworks/aspnet-core/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/astro/INDEX.md b/07-framework-security/frameworks/astro/INDEX.md
index 11cdc734..221744e2 100644
--- a/07-framework-security/frameworks/astro/INDEX.md
+++ b/07-framework-security/frameworks/astro/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/django/INDEX.md b/07-framework-security/frameworks/django/INDEX.md
index 96d2effa..6e33f724 100644
--- a/07-framework-security/frameworks/django/INDEX.md
+++ b/07-framework-security/frameworks/django/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/echo/INDEX.md b/07-framework-security/frameworks/echo/INDEX.md
index 16bd5c57..13b63980 100644
--- a/07-framework-security/frameworks/echo/INDEX.md
+++ b/07-framework-security/frameworks/echo/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/esbuild/INDEX.md b/07-framework-security/frameworks/esbuild/INDEX.md
index 59fd2c58..b33c0dd9 100644
--- a/07-framework-security/frameworks/esbuild/INDEX.md
+++ b/07-framework-security/frameworks/esbuild/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/express/INDEX.md b/07-framework-security/frameworks/express/INDEX.md
index 8c5e6684..787a3e97 100644
--- a/07-framework-security/frameworks/express/INDEX.md
+++ b/07-framework-security/frameworks/express/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/fastify/INDEX.md b/07-framework-security/frameworks/fastify/INDEX.md
index 7ed9630e..447b1861 100644
--- a/07-framework-security/frameworks/fastify/INDEX.md
+++ b/07-framework-security/frameworks/fastify/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/flask/INDEX.md b/07-framework-security/frameworks/flask/INDEX.md
index e0658a9a..64352714 100644
--- a/07-framework-security/frameworks/flask/INDEX.md
+++ b/07-framework-security/frameworks/flask/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/gin/INDEX.md b/07-framework-security/frameworks/gin/INDEX.md
index 823d8336..fa0dbe52 100644
--- a/07-framework-security/frameworks/gin/INDEX.md
+++ b/07-framework-security/frameworks/gin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/hapi/INDEX.md b/07-framework-security/frameworks/hapi/INDEX.md
index da37824f..ab0d3f58 100644
--- a/07-framework-security/frameworks/hapi/INDEX.md
+++ b/07-framework-security/frameworks/hapi/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/koa/INDEX.md b/07-framework-security/frameworks/koa/INDEX.md
index 4418c90e..1c2d57af 100644
--- a/07-framework-security/frameworks/koa/INDEX.md
+++ b/07-framework-security/frameworks/koa/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/laravel/INDEX.md b/07-framework-security/frameworks/laravel/INDEX.md
index 2c9c6d45..f585fb5e 100644
--- a/07-framework-security/frameworks/laravel/INDEX.md
+++ b/07-framework-security/frameworks/laravel/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nestjs/INDEX.md b/07-framework-security/frameworks/nestjs/INDEX.md
index c5df2869..38a10436 100644
--- a/07-framework-security/frameworks/nestjs/INDEX.md
+++ b/07-framework-security/frameworks/nestjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nextjs/INDEX.md b/07-framework-security/frameworks/nextjs/INDEX.md
index 7878e661..53da1ddb 100644
--- a/07-framework-security/frameworks/nextjs/INDEX.md
+++ b/07-framework-security/frameworks/nextjs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `26`
-- 最近渲染时间: `2026-03-17T06:35:44+00:00`
+- 最近渲染时间: `2026-03-17T07:06:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nodejs/INDEX.md b/07-framework-security/frameworks/nodejs/INDEX.md
index 304b0d01..236fcdf0 100644
--- a/07-framework-security/frameworks/nodejs/INDEX.md
+++ b/07-framework-security/frameworks/nodejs/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/nuxt/INDEX.md b/07-framework-security/frameworks/nuxt/INDEX.md
index dd83b6cc..40c550ad 100644
--- a/07-framework-security/frameworks/nuxt/INDEX.md
+++ b/07-framework-security/frameworks/nuxt/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:44+00:00`
+- 最近渲染时间: `2026-03-17T07:06:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/rails/INDEX.md b/07-framework-security/frameworks/rails/INDEX.md
index 2ae3fdaa..bcdc11b2 100644
--- a/07-framework-security/frameworks/rails/INDEX.md
+++ b/07-framework-security/frameworks/rails/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/react/INDEX.md b/07-framework-security/frameworks/react/INDEX.md
index 69813e88..fa1a99aa 100644
--- a/07-framework-security/frameworks/react/INDEX.md
+++ b/07-framework-security/frameworks/react/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:43+00:00`
+- 最近渲染时间: `2026-03-17T07:06:35+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/spring-boot/INDEX.md b/07-framework-security/frameworks/spring-boot/INDEX.md
index 7493bb99..763cf4ee 100644
--- a/07-framework-security/frameworks/spring-boot/INDEX.md
+++ b/07-framework-security/frameworks/spring-boot/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/spring-framework/INDEX.md b/07-framework-security/frameworks/spring-framework/INDEX.md
index 65f2c2dc..6fc83470 100644
--- a/07-framework-security/frameworks/spring-framework/INDEX.md
+++ b/07-framework-security/frameworks/spring-framework/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/spring-security/INDEX.md b/07-framework-security/frameworks/spring-security/INDEX.md
index 4d511423..0c0a47f5 100644
--- a/07-framework-security/frameworks/spring-security/INDEX.md
+++ b/07-framework-security/frameworks/spring-security/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/sveltekit/INDEX.md b/07-framework-security/frameworks/sveltekit/INDEX.md
index 278e287f..653ed404 100644
--- a/07-framework-security/frameworks/sveltekit/INDEX.md
+++ b/07-framework-security/frameworks/sveltekit/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/symfony/INDEX.md b/07-framework-security/frameworks/symfony/INDEX.md
index 6d3eb581..8d842858 100644
--- a/07-framework-security/frameworks/symfony/INDEX.md
+++ b/07-framework-security/frameworks/symfony/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/undici/INDEX.md b/07-framework-security/frameworks/undici/INDEX.md
index a5d9eb7e..81ab019b 100644
--- a/07-framework-security/frameworks/undici/INDEX.md
+++ b/07-framework-security/frameworks/undici/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `14`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/vite/INDEX.md b/07-framework-security/frameworks/vite/INDEX.md
index 47edc70f..17c15ba5 100644
--- a/07-framework-security/frameworks/vite/INDEX.md
+++ b/07-framework-security/frameworks/vite/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `12`
-- 最近渲染时间: `2026-03-17T06:35:45+00:00`
+- 最近渲染时间: `2026-03-17T07:06:37+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/vue/INDEX.md b/07-framework-security/frameworks/vue/INDEX.md
index 9cb71f3e..67123d7b 100644
--- a/07-framework-security/frameworks/vue/INDEX.md
+++ b/07-framework-security/frameworks/vue/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:44+00:00`
+- 最近渲染时间: `2026-03-17T07:06:36+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/webpack/INDEX.md b/07-framework-security/frameworks/webpack/INDEX.md
index 7cab2da1..a55840de 100644
--- a/07-framework-security/frameworks/webpack/INDEX.md
+++ b/07-framework-security/frameworks/webpack/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/frameworks/werkzeug/INDEX.md b/07-framework-security/frameworks/werkzeug/INDEX.md
index dc0a2f3b..1f45badf 100644
--- a/07-framework-security/frameworks/werkzeug/INDEX.md
+++ b/07-framework-security/frameworks/werkzeug/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/adminer/INDEX.md b/07-framework-security/platforms/adminer/INDEX.md
index d970f271..1f58eaab 100644
--- a/07-framework-security/platforms/adminer/INDEX.md
+++ b/07-framework-security/platforms/adminer/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/gitea/INDEX.md b/07-framework-security/platforms/gitea/INDEX.md
index 234fd6b6..e95858f9 100644
--- a/07-framework-security/platforms/gitea/INDEX.md
+++ b/07-framework-security/platforms/gitea/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `1`
 - 待人工/缺浏览器证据: `36`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md
index 93c5aa40..aeb41a0a 100644
--- a/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md
+++ b/07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md
@@ -11,7 +11,7 @@ source_confidence: "official"
 verification_status: "blocked-artifact"
 verification_mode: "real"
 artifact_mode: "official-image"
-last_run_id: "gitea-gitea--CVE-2025-68939-20260317063330"
+last_run_id: "gitea-livecheck-20260316"
 target_types:
   - "lab-local"
   - "lab-public"
@@ -42,9 +42,9 @@ primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g"
 - 实证状态: `blocked-artifact`
 - 实证方式: `real`
 - Artifact 模式: `official-image`
-- 最近运行: `gitea-gitea--CVE-2025-68939-20260317063330`
+- 最近运行: `gitea-livecheck-20260316`
 - 浏览器证据: `missing`
-- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330`
+- Run Bundle: `/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316`
 
 ## 事件层
 
diff --git a/07-framework-security/platforms/gitlab-ce/INDEX.md b/07-framework-security/platforms/gitlab-ce/INDEX.md
index caeb07e2..e1460e81 100644
--- a/07-framework-security/platforms/gitlab-ce/INDEX.md
+++ b/07-framework-security/platforms/gitlab-ce/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/grafana/INDEX.md b/07-framework-security/platforms/grafana/INDEX.md
index 5a8f877a..6bd1a324 100644
--- a/07-framework-security/platforms/grafana/INDEX.md
+++ b/07-framework-security/platforms/grafana/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/jenkins/INDEX.md b/07-framework-security/platforms/jenkins/INDEX.md
index 8b3cc8a4..47b1f634 100644
--- a/07-framework-security/platforms/jenkins/INDEX.md
+++ b/07-framework-security/platforms/jenkins/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/kibana/INDEX.md b/07-framework-security/platforms/kibana/INDEX.md
index 90a6c5de..0f52bbf2 100644
--- a/07-framework-security/platforms/kibana/INDEX.md
+++ b/07-framework-security/platforms/kibana/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/mattermost/INDEX.md b/07-framework-security/platforms/mattermost/INDEX.md
index a4907032..8fc49ecc 100644
--- a/07-framework-security/platforms/mattermost/INDEX.md
+++ b/07-framework-security/platforms/mattermost/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/phpmyadmin/INDEX.md b/07-framework-security/platforms/phpmyadmin/INDEX.md
index efb2a3b8..1d8bce0d 100644
--- a/07-framework-security/platforms/phpmyadmin/INDEX.md
+++ b/07-framework-security/platforms/phpmyadmin/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/platforms/redmine/INDEX.md b/07-framework-security/platforms/redmine/INDEX.md
index 4dc41907..5cb223e5 100644
--- a/07-framework-security/platforms/redmine/INDEX.md
+++ b/07-framework-security/platforms/redmine/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:48+00:00`
+- 最近渲染时间: `2026-03-17T07:06:40+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/apache-httpd/INDEX.md b/07-framework-security/servers/apache-httpd/INDEX.md
index 77fa819c..d1e61bc3 100644
--- a/07-framework-security/servers/apache-httpd/INDEX.md
+++ b/07-framework-security/servers/apache-httpd/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/apache-tomcat/INDEX.md b/07-framework-security/servers/apache-tomcat/INDEX.md
index 77a81901..8875f4b9 100644
--- a/07-framework-security/servers/apache-tomcat/INDEX.md
+++ b/07-framework-security/servers/apache-tomcat/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/caddy/INDEX.md b/07-framework-security/servers/caddy/INDEX.md
index b53ab073..a77400d4 100644
--- a/07-framework-security/servers/caddy/INDEX.md
+++ b/07-framework-security/servers/caddy/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/haproxy/INDEX.md b/07-framework-security/servers/haproxy/INDEX.md
index 620711fc..9a0c8c5b 100644
--- a/07-framework-security/servers/haproxy/INDEX.md
+++ b/07-framework-security/servers/haproxy/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/nginx/INDEX.md b/07-framework-security/servers/nginx/INDEX.md
index 57cce67a..0524ef2c 100644
--- a/07-framework-security/servers/nginx/INDEX.md
+++ b/07-framework-security/servers/nginx/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/07-framework-security/servers/traefik/INDEX.md b/07-framework-security/servers/traefik/INDEX.md
index 656b43f8..3d8cf6ef 100644
--- a/07-framework-security/servers/traefik/INDEX.md
+++ b/07-framework-security/servers/traefik/INDEX.md
@@ -12,7 +12,7 @@
 - 已实证(synthetic): `0`
 - 阻塞数: `0`
 - 待人工/缺浏览器证据: `0`
-- 最近渲染时间: `2026-03-17T06:35:46+00:00`
+- 最近渲染时间: `2026-03-17T07:06:38+00:00`
 
 ## 目标约束
 
diff --git a/08-threat-intel/generated/dashboard/index.html b/08-threat-intel/generated/dashboard/index.html
index 146b0543..d6989a0b 100644
--- a/08-threat-intel/generated/dashboard/index.html
+++ b/08-threat-intel/generated/dashboard/index.html
@@ -8,35 +8,86 @@
     h1, h2 { margin-bottom: .5rem; }
     .cards { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); gap: 1rem; margin: 1rem 0 2rem; }
     .card { background: white; border: 1px solid #cbd5e1; border-radius: 14px; padding: 1rem; box-shadow: 0 4px 18px rgba(15,23,42,.06); }
-    table { width: 100%%; border-collapse: collapse; background: white; border-radius: 12px; overflow: hidden; }
+    .filters { display:flex; flex-wrap:wrap; gap:.75rem; margin: 1rem 0; }
+    input, select { padding: .6rem .75rem; border: 1px solid #cbd5e1; border-radius: 10px; background: white; }
+    table { width: 100%%; border-collapse: collapse; background: white; border-radius: 12px; overflow: hidden; margin-bottom: 2rem; }
     th, td { padding: .75rem; border-bottom: 1px solid #e2e8f0; text-align: left; font-size: .92rem; }
     code { background: #e2e8f0; padding: .1rem .35rem; border-radius: 6px; }
+    .muted { color: #475569; }
   </style>
 </head>
 <body>
   <h1>websafe Local Lab Dashboard</h1>
   <p>LAB ONLY | AUTHORIZED TARGETS ONLY | 本地静态看板</p>
   <div id="summary" class="cards"></div>
-  <h2>Recent Runs</h2>
+  <h2>System Coverage</h2>
   <table>
-    <thead><tr><th>Run</th><th>Advisory</th><th>Status</th><th>Mode</th><th>Finished</th><th>Report</th></tr></thead>
+    <thead><tr><th>System</th><th>Total</th><th>Verified Real</th><th>Verified Synthetic</th><th>Blocked</th><th>Manual</th><th>Browser</th><th>Latest</th></tr></thead>
+    <tbody id="systemRows"></tbody>
+  </table>
+  <h2>Recent Runs</h2>
+  <div class="filters">
+    <input id="search" placeholder="Search advisory or run id">
+    <select id="systemFilter"><option value="">All systems</option></select>
+    <select id="statusFilter"><option value="">All statuses</option></select>
+    <select id="familyFilter"><option value="">All profiles</option></select>
+  </div>
+  <table>
+    <thead><tr><th>Run</th><th>System</th><th>Advisory</th><th>Status</th><th>Mode</th><th>Profile</th><th>Finished</th><th>Artifacts</th></tr></thead>
     <tbody id="rows"></tbody>
   </table>
   <script>
     async function main() {
-      const summary = await fetch('./summary.json').then(r => r.json());
-      const runs = await fetch('./runs.json').then(r => r.json());
+      const [summary, runs, systems] = await Promise.all([
+        fetch('./summary.json').then(r => r.json()),
+        fetch('./runs.json').then(r => r.json()),
+        fetch('./systems.json').then(r => r.json())
+      ]);
       const summaryRoot = document.getElementById('summary');
-      const cards = [{label: 'Run Count', value: summary.run_count}];
+      const cards = [{label: 'Advisories', value: summary.advisory_count}, {label: 'Run Count', value: summary.run_count}];
       for (const [key, value] of Object.entries(summary.statuses)) {
         cards.push({label: key, value});
       }
       summaryRoot.innerHTML = cards.map(item => `<div class="card"><strong>${item.label}</strong><div style="font-size:2rem;margin-top:.5rem;">${item.value}</div></div>`).join('');
+
+      const systemRows = document.getElementById('systemRows');
+      systemRows.innerHTML = systems.map(item => `<tr><td><code>${item.system_id}</code></td><td>${item.total}</td><td>${item.verified_real}</td><td>${item.verified_synthetic}</td><td>${item.blocked}</td><td>${item.manual}</td><td>${item.browser_present}/${item.browser_required}</td><td>${item.latest_update || ''}</td></tr>`).join('');
+
+      const systemFilter = document.getElementById('systemFilter');
+      const statusFilter = document.getElementById('statusFilter');
+      const familyFilter = document.getElementById('familyFilter');
+      const search = document.getElementById('search');
+      const distinct = (values) => Array.from(new Set(values.filter(Boolean))).sort();
+      systemFilter.innerHTML += distinct(runs.map(item => item.system_id)).map(value => `<option value="${value}">${value}</option>`).join('');
+      statusFilter.innerHTML += distinct(runs.map(item => item.verification_status)).map(value => `<option value="${value}">${value}</option>`).join('');
+      familyFilter.innerHTML += distinct(runs.map(item => item.repro_profile_id)).map(value => `<option value="${value}">${value}</option>`).join('');
+
       const rows = document.getElementById('rows');
-      rows.innerHTML = runs.map(item => {
-        const report = item.report_refs && item.report_refs.report_html ? item.report_refs.report_html : '';
-        return `<tr><td><code>${item.run_id}</code></td><td><code>${item.advisory_id}</code></td><td>${item.verification_status}</td><td>${item.verification_mode}</td><td>${item.finished_at || ''}</td><td>${report ? `<a href="../../../../${report.replace('/Users/x/websafe/', '')}">open</a>` : '-'}</td></tr>`;
-      }).join('');
+      function renderRows() {
+        const query = search.value.trim().toLowerCase();
+        const filtered = runs.filter(item => {
+          if (systemFilter.value && item.system_id !== systemFilter.value) return false;
+          if (statusFilter.value && item.verification_status !== statusFilter.value) return false;
+          if (familyFilter.value && item.repro_profile_id !== familyFilter.value) return false;
+          if (query) {
+            const haystack = `${item.run_id} ${item.advisory_id} ${item.system_id} ${item.repro_profile_id}`.toLowerCase();
+            if (!haystack.includes(query)) return false;
+          }
+          return true;
+        });
+        rows.innerHTML = filtered.map(item => {
+          const links = [];
+          if (item.dashboard_refs && item.dashboard_refs.report_html) links.push(`<a href="${item.dashboard_refs.report_html}">report</a>`);
+          if (item.dashboard_refs && item.dashboard_refs.timeline) links.push(`<a href="${item.dashboard_refs.timeline}">timeline</a>`);
+          if (item.dashboard_refs && item.dashboard_refs.bundle) links.push(`<a href="${item.dashboard_refs.bundle}">bundle</a>`);
+          if (item.browser_links && item.browser_links.length) links.push(`<a href="${item.browser_links[0]}">browser</a>`);
+          if (item.container_links && item.container_links.length) links.push(`<a href="${item.container_links[0]}">logs</a>`);
+          const reason = item.blocked_reason ? `<div class="muted">${item.blocked_reason}</div>` : '';
+          return `<tr><td><code>${item.run_id}</code>${reason}</td><td><code>${item.system_id}</code></td><td><code>${item.advisory_id}</code></td><td>${item.verification_status}</td><td>${item.verification_mode}</td><td><code>${item.repro_profile_id}</code></td><td>${item.finished_at || ''}</td><td>${links.join(' | ') || '-'}</td></tr>`;
+        }).join('');
+      }
+      [systemFilter, statusFilter, familyFilter, search].forEach(node => node.addEventListener('input', renderRows));
+      renderRows();
     }
     main();
   </script>
diff --git a/08-threat-intel/generated/dashboard/runs.json b/08-threat-intel/generated/dashboard/runs.json
index aa2d5502..3f25c79a 100644
--- a/08-threat-intel/generated/dashboard/runs.json
+++ b/08-threat-intel/generated/dashboard/runs.json
@@ -1,4 +1,108 @@
 [
+  {
+    "run_id": "gitea-livecheck-20260316",
+    "system_id": "gitea",
+    "advisory_id": "gitea--CVE-2025-68939",
+    "repro_profile_id": "file-upload-generic",
+    "verification_status": "blocked-artifact",
+    "verification_mode": "real",
+    "artifact_mode": "official-image",
+    "target_env": "local-docker",
+    "compose_services": [
+      "app"
+    ],
+    "baseline_refs": [],
+    "attack_steps": [],
+    "browser_refs": [],
+    "browser_evidence": {
+      "required": true,
+      "present": false,
+      "refs": [],
+      "baseline_refs": [],
+      "proof_refs": [],
+      "baseline_title": null,
+      "proof_title": null
+    },
+    "container_log_refs": [],
+    "request_log_refs": [],
+    "compose_refs": [
+      "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
+    ],
+    "timeline": [
+      {
+        "at": "2026-03-17T07:02:55+00:00",
+        "step": "select-advisory",
+        "status": "completed",
+        "detail": "gitea--CVE-2025-68939"
+      },
+      {
+        "at": "2026-03-17T07:02:55+00:00",
+        "step": "resolve-repro-profile",
+        "status": "completed",
+        "detail": "file-upload-generic"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "provision-compose-environment",
+        "status": "blocked-artifact",
+        "detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "baseline-snapshot",
+        "status": "skipped",
+        "detail": "no baseline urls or provisioning blocked"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "browser-replay-before-attack",
+        "status": "skipped",
+        "detail": "baseline browser capture unavailable"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "controlled-attack-chain",
+        "status": "skipped",
+        "detail": "provisioning blocked"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "browser-replay-after-attack",
+        "status": "skipped",
+        "detail": "proof browser capture unavailable"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "collect-logs-and-evidence",
+        "status": "skipped",
+        "detail": "container_logs=0"
+      },
+      {
+        "at": "2026-03-17T07:02:56+00:00",
+        "step": "update-registry-and-reports",
+        "status": "completed",
+        "detail": "gitea-livecheck-20260316"
+      }
+    ],
+    "started_at": "2026-03-17T07:02:55+00:00",
+    "finished_at": "2026-03-17T07:02:56+00:00",
+    "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
+    "report_refs": {
+      "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
+      "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
+      "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
+      "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
+    },
+    "dashboard_refs": {
+      "report_html": "./runs/gitea-livecheck-20260316/report.html",
+      "report_md": "./runs/gitea-livecheck-20260316/report.md",
+      "timeline": "./runs/gitea-livecheck-20260316/timeline.mmd",
+      "bundle": "./runs/gitea-livecheck-20260316/run.json"
+    },
+    "browser_links": [],
+    "container_links": [],
+    "request_links": []
+  },
   {
     "run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
     "system_id": "gitea",
@@ -28,7 +132,19 @@
       "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
       "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
       "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd"
-    }
+    },
+    "dashboard_refs": {
+      "report_html": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
+      "report_md": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
+      "timeline": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd",
+      "bundle": "./runs/gitea-gitea--CVE-2025-68939-20260317063330/run.json"
+    },
+    "browser_links": [],
+    "container_links": [],
+    "request_links": [
+      "./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
+      "./runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
+    ]
   },
   {
     "run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
@@ -68,6 +184,18 @@
       "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
       "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
       "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd"
-    }
+    },
+    "dashboard_refs": {
+      "report_html": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
+      "report_md": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
+      "timeline": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd",
+      "bundle": "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/run.json"
+    },
+    "browser_links": [],
+    "container_links": [],
+    "request_links": [
+      "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
+      "./runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
+    ]
   }
 ]
diff --git a/08-threat-intel/generated/dashboard/runs/gitea-gitea--CVE-2025-68939-20260317063330 b/08-threat-intel/generated/dashboard/runs/gitea-gitea--CVE-2025-68939-20260317063330
new file mode 120000
index 00000000..d9698843
--- /dev/null
+++ b/08-threat-intel/generated/dashboard/runs/gitea-gitea--CVE-2025-68939-20260317063330
@@ -0,0 +1 @@
+../../../../06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330
\ No newline at end of file
diff --git a/08-threat-intel/generated/dashboard/runs/gitea-livecheck-20260316 b/08-threat-intel/generated/dashboard/runs/gitea-livecheck-20260316
new file mode 120000
index 00000000..5aefbc6f
--- /dev/null
+++ b/08-threat-intel/generated/dashboard/runs/gitea-livecheck-20260316
@@ -0,0 +1 @@
+../../../../06-case-studies/generated-runs/gitea-livecheck-20260316
\ No newline at end of file
diff --git a/08-threat-intel/generated/dashboard/runs/nextjs-nextjs--CVE-2025-29927-20260317063047 b/08-threat-intel/generated/dashboard/runs/nextjs-nextjs--CVE-2025-29927-20260317063047
new file mode 120000
index 00000000..623f6913
--- /dev/null
+++ b/08-threat-intel/generated/dashboard/runs/nextjs-nextjs--CVE-2025-29927-20260317063047
@@ -0,0 +1 @@
+../../../../06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047
\ No newline at end of file
diff --git a/08-threat-intel/generated/dashboard/summary.json b/08-threat-intel/generated/dashboard/summary.json
index 670d706c..8bba20dd 100644
--- a/08-threat-intel/generated/dashboard/summary.json
+++ b/08-threat-intel/generated/dashboard/summary.json
@@ -1,80 +1,79 @@
 {
-  "run_count": 2,
+  "generated_at": "2026-03-17T07:06:50+00:00",
+  "advisory_count": 89,
+  "run_count": 3,
   "statuses": {
-    "blocked-artifact": 1,
+    "blocked-artifact": 2,
     "triage-manual": 1
   },
-  "recent_runs": [
+  "recent_failures": [
+    {
+      "run_id": "gitea-livecheck-20260316",
+      "advisory_id": "gitea--CVE-2025-68939",
+      "status": "blocked-artifact",
+      "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
+    },
     {
       "run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
-      "system_id": "gitea",
       "advisory_id": "gitea--CVE-2025-68939",
-      "repro_profile_id": "file-upload-generic",
-      "verification_status": "blocked-artifact",
-      "verification_mode": "real",
-      "artifact_mode": "official-image",
-      "target_env": "local-docker",
-      "compose_services": [
-        "app"
-      ],
-      "baseline_refs": [],
-      "attack_steps": [],
-      "browser_refs": [],
-      "container_log_refs": [],
-      "request_log_refs": [
-        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/attack.json",
-        "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/logs/baseline.json"
-      ],
-      "timeline": [],
-      "started_at": "2026-03-17T06:33:30+00:00",
-      "finished_at": "2026-03-17T06:33:30+00:00",
-      "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
-      "report_refs": {
-        "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
-        "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.md",
-        "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/report.html",
-        "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330/timeline.mmd"
-      }
+      "status": "blocked-artifact",
+      "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
     },
     {
       "run_id": "nextjs-nextjs--CVE-2025-29927-20260317063047",
-      "system_id": "nextjs",
       "advisory_id": "nextjs--CVE-2025-29927",
-      "repro_profile_id": "authz-bypass-generic",
-      "verification_status": "triage-manual",
-      "verification_mode": "real",
-      "artifact_mode": "official-source",
-      "target_env": "local-docker",
-      "compose_services": [
-        "app"
-      ],
-      "baseline_refs": [
-        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
-      ],
-      "attack_steps": [
-        {
-          "kind": "note",
-          "tool": null,
-          "args": [],
-          "status": "planned"
-        }
-      ],
-      "browser_refs": [],
-      "container_log_refs": [],
-      "request_log_refs": [
-        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/attack.json",
-        "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/logs/baseline.json"
-      ],
-      "timeline": [],
-      "started_at": "2026-03-17T06:30:47+00:00",
-      "finished_at": "2026-03-17T06:30:47+00:00",
-      "blocked_reason": "dry-run only",
-      "report_refs": {
-        "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047",
-        "report_md": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.md",
-        "report_html": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/report.html",
-        "timeline": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2025-29927-20260317063047/timeline.mmd"
-      }
+      "status": "triage-manual",
+      "blocked_reason": "dry-run only"
+    }
+  ],
+  "systems": [
+    {
+      "system_id": "gitea",
+      "display_name": "Gitea",
+      "total": 37,
+      "verified_real": 0,
+      "verified_synthetic": 0,
+      "blocked": 1,
+      "manual": 36,
+      "browser_required": 0,
+      "browser_present": 0,
+      "latest_update": "2026-03-03T04:57:57.697708Z"
+    },
+    {
+      "system_id": "nextjs",
+      "display_name": "Next.js",
+      "total": 26,
+      "verified_real": 0,
+      "verified_synthetic": 0,
+      "blocked": 0,
+      "manual": 26,
+      "browser_required": 0,
+      "browser_present": 0,
+      "latest_update": "2026-03-13T22:14:13.665535Z"
+    },
+    {
+      "system_id": "undici",
+      "display_name": "Undici",
+      "total": 14,
+      "verified_real": 0,
+      "verified_synthetic": 0,
+      "blocked": 0,
+      "manual": 14,
+      "browser_required": 0,
+      "browser_present": 0,
+      "latest_update": "2026-03-14T09:19:54.772219Z"
+    },
+    {
+      "system_id": "vite",
+      "display_name": "Vite",
+      "total": 12,
+      "verified_real": 0,
+      "verified_synthetic": 0,
+      "blocked": 0,
+      "manual": 12,
+      "browser_required": 0,
+      "browser_present": 0,
+      "latest_update": "2026-02-04T04:37:24.129476Z"
     }
   ]
 }
diff --git a/08-threat-intel/generated/dashboard/systems.json b/08-threat-intel/generated/dashboard/systems.json
new file mode 100644
index 00000000..e43f62ca
--- /dev/null
+++ b/08-threat-intel/generated/dashboard/systems.json
@@ -0,0 +1,50 @@
+[
+  {
+    "system_id": "gitea",
+    "display_name": "Gitea",
+    "total": 37,
+    "verified_real": 0,
+    "verified_synthetic": 0,
+    "blocked": 1,
+    "manual": 36,
+    "browser_required": 0,
+    "browser_present": 0,
+    "latest_update": "2026-03-03T04:57:57.697708Z"
+  },
+  {
+    "system_id": "nextjs",
+    "display_name": "Next.js",
+    "total": 26,
+    "verified_real": 0,
+    "verified_synthetic": 0,
+    "blocked": 0,
+    "manual": 26,
+    "browser_required": 0,
+    "browser_present": 0,
+    "latest_update": "2026-03-13T22:14:13.665535Z"
+  },
+  {
+    "system_id": "undici",
+    "display_name": "Undici",
+    "total": 14,
+    "verified_real": 0,
+    "verified_synthetic": 0,
+    "blocked": 0,
+    "manual": 14,
+    "browser_required": 0,
+    "browser_present": 0,
+    "latest_update": "2026-03-14T09:19:54.772219Z"
+  },
+  {
+    "system_id": "vite",
+    "display_name": "Vite",
+    "total": 12,
+    "verified_real": 0,
+    "verified_synthetic": 0,
+    "blocked": 0,
+    "manual": 12,
+    "browser_required": 0,
+    "browser_present": 0,
+    "latest_update": "2026-02-04T04:37:24.129476Z"
+  }
+]
diff --git a/08-threat-intel/generated/latest-ingest.md b/08-threat-intel/generated/latest-ingest.md
index e898e863..5a262a03 100644
--- a/08-threat-intel/generated/latest-ingest.md
+++ b/08-threat-intel/generated/latest-ingest.md
@@ -1,6 +1,6 @@
 # 最新同步摘要
 
-- 渲染时间: `2026-03-17T06:35:58+00:00`
+- 渲染时间: `2026-03-17T07:06:50+00:00`
 - 系统数量: `62`
 - Advisory 数量: `89`
 - 重点 Markdown 数量: `89`
diff --git a/08-threat-intel/generated/run-summary.json b/08-threat-intel/generated/run-summary.json
index c20a9ff0..25356e3f 100644
--- a/08-threat-intel/generated/run-summary.json
+++ b/08-threat-intel/generated/run-summary.json
@@ -1,5 +1,5 @@
 {
-  "generated_at": "2026-03-17T06:35:58+00:00",
+  "generated_at": "2026-03-17T07:06:50+00:00",
   "system_count": 62,
   "advisory_count": 89,
   "markdown_count": 89,
diff --git a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json b/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
index 1f0e4d94..164d20b9 100644
--- a/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
+++ b/08-threat-intel/registry/advisories/gitea--CVE-2025-68939.json
@@ -51,9 +51,9 @@
   "triage_reasons": [],
   "verification_status": "blocked-artifact",
   "verification_mode": "real",
-  "last_verified_at": "2026-03-17T06:33:30+00:00",
-  "last_run_id": "gitea-gitea--CVE-2025-68939-20260317063330",
-  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-gitea--CVE-2025-68939-20260317063330",
+  "last_verified_at": "2026-03-17T07:02:56+00:00",
+  "last_run_id": "gitea-livecheck-20260316",
+  "evidence_bundle": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
   "browser_evidence": {
     "required": false,
     "present": false,
diff --git a/08-threat-intel/registry/runs/gitea-livecheck-20260316.json b/08-threat-intel/registry/runs/gitea-livecheck-20260316.json
new file mode 100644
index 00000000..ab3ec4ef
--- /dev/null
+++ b/08-threat-intel/registry/runs/gitea-livecheck-20260316.json
@@ -0,0 +1,95 @@
+{
+  "run_id": "gitea-livecheck-20260316",
+  "system_id": "gitea",
+  "advisory_id": "gitea--CVE-2025-68939",
+  "repro_profile_id": "file-upload-generic",
+  "verification_status": "blocked-artifact",
+  "verification_mode": "real",
+  "artifact_mode": "official-image",
+  "target_env": "local-docker",
+  "compose_services": [
+    "app"
+  ],
+  "baseline_refs": [],
+  "attack_steps": [],
+  "browser_refs": [],
+  "browser_evidence": {
+    "required": true,
+    "present": false,
+    "refs": [],
+    "baseline_refs": [],
+    "proof_refs": [],
+    "baseline_title": null,
+    "proof_title": null
+  },
+  "container_log_refs": [],
+  "request_log_refs": [],
+  "compose_refs": [
+    "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/compose/compose.yaml"
+  ],
+  "timeline": [
+    {
+      "at": "2026-03-17T07:02:55+00:00",
+      "step": "select-advisory",
+      "status": "completed",
+      "detail": "gitea--CVE-2025-68939"
+    },
+    {
+      "at": "2026-03-17T07:02:55+00:00",
+      "step": "resolve-repro-profile",
+      "status": "completed",
+      "detail": "file-upload-generic"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "provision-compose-environment",
+      "status": "blocked-artifact",
+      "detail": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "baseline-snapshot",
+      "status": "skipped",
+      "detail": "no baseline urls or provisioning blocked"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "browser-replay-before-attack",
+      "status": "skipped",
+      "detail": "baseline browser capture unavailable"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "controlled-attack-chain",
+      "status": "skipped",
+      "detail": "provisioning blocked"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "browser-replay-after-attack",
+      "status": "skipped",
+      "detail": "proof browser capture unavailable"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "collect-logs-and-evidence",
+      "status": "skipped",
+      "detail": "container_logs=0"
+    },
+    {
+      "at": "2026-03-17T07:02:56+00:00",
+      "step": "update-registry-and-reports",
+      "status": "completed",
+      "detail": "gitea-livecheck-20260316"
+    }
+  ],
+  "started_at": "2026-03-17T07:02:55+00:00",
+  "finished_at": "2026-03-17T07:02:56+00:00",
+  "blocked_reason": "unable to get image 'gitea/gitea:1.22.6': Cannot connect to the Docker daemon at unix:///Users/x/.docker/run/docker.sock. Is the docker daemon running?",
+  "report_refs": {
+    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316",
+    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.md",
+    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/report.html",
+    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/gitea-livecheck-20260316/timeline.mmd"
+  }
+}
diff --git a/scripts/lab/render.py b/scripts/lab/render.py
index d388e56b..3d404d11 100644
--- a/scripts/lab/render.py
+++ b/scripts/lab/render.py
@@ -212,15 +212,16 @@ def render_dashboard() -> Dict[str, str]:
         if not bundle_dir.exists():
             continue
         symlink_path = runs_dir / item["run_id"]
+        relative_target = os.path.relpath(bundle_dir, symlink_path.parent)
         try:
             if symlink_path.is_symlink() or symlink_path.exists():
-                if symlink_path.is_symlink() and symlink_path.resolve() == bundle_dir.resolve():
+                if symlink_path.is_symlink() and os.readlink(symlink_path) == relative_target:
                     pass
                 else:
                     symlink_path.unlink()
-                    os.symlink(bundle_dir, symlink_path, target_is_directory=True)
+                    os.symlink(relative_target, symlink_path, target_is_directory=True)
             else:
-                os.symlink(bundle_dir, symlink_path, target_is_directory=True)
+                os.symlink(relative_target, symlink_path, target_is_directory=True)
         except OSError:
             continue