const state = {
summary: null,
runs: [],
systems: [],
advisories: {},
profiles: {},
architecture: null,
selectedRunId: null,
selectedArtifact: null,
refreshHandle: null,
refreshMs: 5000,
autoRefresh: true,
filters: {
search: "",
system: "",
status: "",
profile: ""
},
panels: {
timeline: true,
reasoning: true,
evidence: true,
logs: true,
sources: true,
architecture: true,
run_json: false,
advisory_json: false,
profile_json: false
}
};
const STATUS_LABELS = {
"verified-real": "真实版本已实证",
"verified-synthetic": "合成靶场已实证",
"blocked-artifact": "制品阻塞",
"blocked-destructive": "破坏性风险阻塞",
"triage-manual": "人工分诊",
suspected: "仅疑似命中",
completed: "已完成",
failed: "失败",
skipped: "已跳过",
planned: "已规划",
unknown: "未知"
};
const ARTIFACT_KIND_LABELS = {
image: "图片",
text: "文本",
link: "链接"
};
const $ = (id) => document.getElementById(id);
const icon = (name, className = "icon") =>
``;
const statusClass = (status) => ({
"verified-real": "status-pill status-verified-real",
"verified-synthetic": "status-pill status-verified-synthetic",
"blocked-artifact": "status-pill status-blocked-artifact",
"blocked-destructive": "status-pill status-blocked-destructive",
"triage-manual": "status-pill status-triage-manual",
suspected: "status-pill status-suspected",
completed: "status-pill status-verified-real",
failed: "status-pill status-blocked-artifact",
skipped: "status-pill status-triage-manual"
}[status] || "status-pill status-default");
function escapeHtml(value) {
return String(value ?? "")
.replaceAll("&", "&")
.replaceAll("<", "<")
.replaceAll(">", ">")
.replaceAll('"', """);
}
function formatStatus(value) {
return STATUS_LABELS[value] || String(value || "unknown").replaceAll("-", " ");
}
function formatDateTime(value) {
if (!value) return "-";
const date = new Date(value);
if (Number.isNaN(date.getTime())) return String(value);
return date.toLocaleString("zh-CN", {
hour12: false,
year: "numeric",
month: "2-digit",
day: "2-digit",
hour: "2-digit",
minute: "2-digit",
second: "2-digit"
});
}
function timeAgo(value) {
if (!value) return "-";
const diff = Date.now() - new Date(value).getTime();
if (Number.isNaN(diff)) return String(value);
const seconds = Math.floor(diff / 1000);
if (seconds <= 5) return "刚刚";
if (seconds < 60) return `${seconds} 秒前`;
const minutes = Math.floor(seconds / 60);
if (minutes < 60) return `${minutes} 分钟前`;
const hours = Math.floor(minutes / 60);
if (hours < 24) return `${hours} 小时前`;
const days = Math.floor(hours / 24);
return `${days} 天前`;
}
async function fetchJson(url) {
const response = await fetch(`${url}?t=${Date.now()}`, { cache: "no-store" });
if (!response.ok) {
throw new Error(`${url} -> ${response.status}`);
}
return response.json();
}
function distinct(values) {
return [...new Set(values.filter(Boolean))].sort();
}
function sumStatuses(predicate) {
return Object.entries(state.summary?.statuses || {})
.filter(([key]) => predicate(key))
.reduce((sum, [, value]) => sum + Number(value || 0), 0);
}
function metricCards() {
const successCount = Number(state.summary?.statuses?.["verified-real"] || 0) + Number(state.summary?.statuses?.["verified-synthetic"] || 0);
const blockedCount = sumStatuses((key) => key.startsWith("blocked"));
const inProgressCount = Math.max(Number(state.summary?.run_count || 0) - successCount - blockedCount, 0);
return [
{
label: "运行总数",
value: state.summary?.run_count || 0,
note: `已索引漏洞条目 ${state.summary?.advisory_count || 0} 条`,
color: "var(--accent-purple)",
iconName: "report"
},
{
label: "实证成功",
value: successCount,
note: "真实版本 + 合成靶场",
color: "var(--accent-green)",
iconName: "shield"
},
{
label: "当前阻塞",
value: blockedCount,
note: "制品阻塞或破坏性风险阻塞",
color: "var(--accent-red)",
iconName: "failure"
},
{
label: "待处理 / 进行中",
value: inProgressCount,
note: "人工分诊、待补证据或未完成实证",
color: "var(--accent-blue)",
iconName: "timeline"
}
];
}
function renderMetrics() {
$("metricCards").innerHTML = metricCards()
.map(
(card) => `
${icon(card.iconName)}${escapeHtml(card.label)}
${escapeHtml(card.value)}
${escapeHtml(card.note)}
`
)
.join("");
}
function renderSyncState(kind, title, detail) {
$("syncState").innerHTML = `
${icon("sync", "icon icon-sync")}
${escapeHtml(title)}
${escapeHtml(detail)}
`;
$("syncState").dataset.kind = kind;
}
function optionLabel(kind, value) {
if (kind === "status") return formatStatus(value);
return value;
}
function hydrateFilters() {
const controls = [
["systemFilter", "system", state.runs.map((item) => item.system_id), "全部系统"],
["statusFilter", "status", state.runs.map((item) => item.verification_status), "全部状态"],
["profileFilter", "profile", state.runs.map((item) => item.repro_profile_id), "全部复现档案"]
];
for (const [id, key, values, label] of controls) {
const control = $(id);
const current = state.filters[key];
control.innerHTML = ``;
control.innerHTML += distinct(values)
.map((value) => ``)
.join("");
control.value = current;
}
}
function filteredRuns() {
return state.runs.filter((item) => {
if (state.filters.system && item.system_id !== state.filters.system) return false;
if (state.filters.status && item.verification_status !== state.filters.status) return false;
if (state.filters.profile && item.repro_profile_id !== state.filters.profile) return false;
if (!state.filters.search) return true;
const haystack = [
item.run_id,
item.advisory_id,
item.system_id,
item.repro_profile_id,
item.advisory_meta?.title || "",
item.advisory_meta?.summary || ""
]
.join(" ")
.toLowerCase();
return haystack.includes(state.filters.search);
});
}
function renderSystems() {
$("systemStats").innerHTML = state.systems.length
? state.systems
.map((system) => {
const total = Math.max(Number(system.total || 0), 1);
const verified = Number(system.verified_real || 0) + Number(system.verified_synthetic || 0);
const coverage = Math.round((verified / total) * 100);
return `
${escapeHtml(system.display_name || system.system_id)}
${escapeHtml(system.browser_present || 0)}/${escapeHtml(system.browser_required || 0)} 浏览器证据
${escapeHtml(system.system_id)} · 最近更新 ${escapeHtml(formatDateTime(system.latest_update || "-"))}
真实 ${escapeHtml(system.verified_real || 0)}
合成 ${escapeHtml(system.verified_synthetic || 0)}
阻塞 ${escapeHtml(system.blocked || 0)}
`;
})
.join("")
: `暂无系统覆盖数据。
`;
}
function renderRecentFailures() {
const failures = state.summary?.recent_failures || [];
$("recentFailures").innerHTML = failures.length
? failures
.map(
(item) => `
${escapeHtml(item.run_id)}
${escapeHtml(formatStatus(item.status))}
${escapeHtml(item.title || item.advisory_id)}
${escapeHtml(item.blocked_reason || "未提供失败原因。")}
`
)
.join("")
: `当前没有最近失败记录。
`;
}
function renderRunQueue() {
const runs = filteredRuns();
$("runCount").textContent = `${runs.length} 条`;
$("runQueue").innerHTML = runs.length
? runs
.map((item) => {
const active = item.run_id === state.selectedRunId ? "is-active" : "";
const browserState = item.browser_evidence?.present ? "已采集" : (item.browser_evidence?.required ? "必需待补" : "可选");
const lead = item.reasoning_lines?.[0] || item.blocked_reason || item.advisory_meta?.summary || "";
const artifactCount = (item.artifact_groups || []).reduce((sum, group) => sum + Number(group.count || 0), 0);
return `
`;
})
.join("")
: `当前筛选条件下没有匹配的运行。
`;
document.querySelectorAll("[data-run-id]").forEach((button) => {
button.addEventListener("click", () => {
state.selectedRunId = button.dataset.runId;
location.hash = `run=${state.selectedRunId}`;
renderRunQueue();
renderDetail();
});
});
}
function progressSegments(progress) {
const order = [
["completed", "已完成", "progress-completed"],
["blocked", "已阻塞", "progress-blocked"],
["failed", "失败", "progress-failed"],
["skipped", "已跳过", "progress-skipped"],
["planned", "已规划", "progress-planned"],
["other", "其他", "progress-other"]
];
const total = order.reduce((sum, [key]) => sum + Number(progress?.[key] || 0), 0);
if (!total) {
return {
bar: ``,
legend: `暂无进度`
};
}
const bar = order
.filter(([key]) => Number(progress?.[key] || 0) > 0)
.map(([key, _label, className]) => {
const pct = Math.max((Number(progress[key] || 0) / total) * 100, 4);
return ``;
})
.join("");
const legend = order
.filter(([key]) => Number(progress?.[key] || 0) > 0)
.map(([key, label, className]) => `${escapeHtml(label)} ${escapeHtml(progress[key] || 0)}`)
.join("");
return { bar, legend };
}
function timelineTone(status) {
if (status === "completed" || status === "verified-real" || status === "verified-synthetic") return "timeline-success";
if (String(status || "").startsWith("blocked") || status === "failed") return "timeline-blocked";
if (status === "planned") return "timeline-pending";
return "timeline-neutral";
}
function renderPanel(panelKey, title, meta, iconName, content) {
const open = state.panels[panelKey] !== false;
return `
`;
}
function defaultArtifact(run) {
const preference = ["attack", "requests", "container", "browser", "baseline", "compose", "reports"];
for (const key of preference) {
const group = (run.artifact_groups || []).find((item) => item.key === key && item.items?.length);
if (!group) continue;
const textItem = group.items.find((item) => item.kind === "text");
return textItem || group.items[0];
}
return null;
}
async function openArtifact(href, label, kind) {
state.selectedArtifact = { href, label, kind };
document.querySelectorAll(".artifact-button").forEach((button) => {
button.classList.toggle("is-active", button.dataset.href === href);
});
const labelNode = $("viewerLabel");
const metaNode = $("viewerMeta");
const openNode = $("viewerOpen");
const viewer = $("viewerFrame");
if (!labelNode || !metaNode || !openNode || !viewer) return;
labelNode.textContent = label;
metaNode.textContent = href;
openNode.href = href;
try {
if (kind === "image") {
viewer.innerHTML = `}?t=${Date.now()})
`;
return;
}
if (href.endsWith(".html")) {
viewer.innerHTML = ``;
return;
}
const response = await fetch(`${href}?t=${Date.now()}`, { cache: "no-store" });
if (!response.ok) throw new Error(`${href} -> ${response.status}`);
const text = await response.text();
let formatted = text;
if (href.endsWith(".json")) {
try {
formatted = JSON.stringify(JSON.parse(text), null, 2);
} catch (_error) {
}
}
viewer.innerHTML = `${escapeHtml(formatted)}`;
} catch (error) {
viewer.innerHTML = `加载 artifact 失败:${escapeHtml(error.message)}`;
}
}
function bindPanelToggles() {
document.querySelectorAll("[data-panel-toggle]").forEach((button) => {
button.addEventListener("click", () => {
const key = button.dataset.panelToggle;
state.panels[key] = !(state.panels[key] !== false);
const panel = document.querySelector(`[data-panel="${key}"]`);
if (panel) {
panel.classList.toggle("is-collapsed", state.panels[key] === false);
}
});
});
}
function renderArchitectureFields(fields = []) {
if (!fields.length) return "";
return `
${fields
.map(
(field) => `
${escapeHtml(field.label || "-")}
${escapeHtml(field.value || "-")}
`
)
.join("")}
${stats
.map(
(item) => `
${escapeHtml(item.label || "-")}
${escapeHtml(item.value || "-")}
`
)
.join("")}
${escapeHtml(node.title || "未命名节点")}
${node.summary ? `${escapeHtml(node.summary)}` : ""}
${node.items?.length ? `${escapeHtml(node.items.length)} 个子项` : ""}
${node.fields?.length ? `${escapeHtml(node.fields.length)} 个字段` : ""}
${node.links?.length ? `${escapeHtml(node.links.length)} 个链接` : ""}
`;
if (!hasBody) {
return `
${summaryBlock}
`;
}
const openAttr = node.open === false ? "" : "open";
return `
${summaryBlock}
${badges ? `
${badges}
` : ""}
${stats}
${fields}
${links}
${children ? `
${children}
` : ""}
`;
}
function renderArchitecturePanel() {
const architecture = state.architecture;
if (!architecture) {
return renderPanel("architecture", "当前架构库", "未生成", "systems", `尚未找到架构 JSON,请先执行渲染命令。
`);
}
const sections = architecture.sections || [];
const content = `
${escapeHtml(architecture.title || "当前架构库")}
${escapeHtml(architecture.summary || "当前工作台的结构化真值视图。")}
生成时间 ${escapeHtml(formatDateTime(architecture.generated_at))}
架构 JSON
镜像页
仓库入口镜像
${sections.length ? sections.map((section) => renderArchitectureNode(section, 0)).join("") : `
架构库目前没有可展示的分区。
`}
${icon("shield", "icon icon-xl")}
选择一个运行
左侧队列用于切换 run。即使当前没有选中运行,你也可以直接展开下方“当前架构库”查看仓库控制面、数据层、系统分组、授权边界与本地入口。
${segments.bar}
${segments.legend}
${(run.timeline || [])
.map((item) => `
${escapeHtml(item.step || "-")}
${escapeHtml(formatDateTime(item.at || "-"))}
${escapeHtml(formatStatus(item.status || "unknown"))}
${escapeHtml(item.detail || "-")}
`)
.join("") || `
当前运行没有记录时间线。
`}
失败原因${escapeHtml(run.blocked_reason)}
` : ""}
漏洞家族 ${escapeHtml(profile.vuln_family || "未定义")}
清理策略 ${escapeHtml(profile.cleanup_policy || "-")}
破坏性风险 ${escapeHtml(profile.destructive_risk || "-")}
制品模式 ${escapeHtml(run.artifact_mode || "-")}
${reasoningCards
.map(
(card) => `
${escapeHtml(card.label)}
${escapeHtml(card.copy)}
`
)
.join("")}
${(run.artifact_groups || [])
.map(
(group) => `
${escapeHtml(group.label)} · ${escapeHtml(group.count)}
${group.items
.map(
(item) => `
`
)
.join("")}
`
)
.join("") || `
当前运行没有可浏览的产物分组。
`}
${
screenshotItems.length
? `
${screenshotItems
.map(
(item) => `
`
)
.join("")}
`
: ""
}
选择报告、日志、截图、JSON 或 HTML 产物后,会在这里直接预览。
`;
const sourceLinks = [
advisory.official_source_url
? `${escapeHtml(advisory.official_source_url)}`
: `当前漏洞条目没有关联官方来源。`,
...(advisory.secondary_source_urls || []).map((url) => `${escapeHtml(url)}`)
].join("");
const sourcesContent = `
${(advisory.aliases || []).map((alias) => `
${escapeHtml(alias)}`).join("")}
${(advisory.secure_code_topics || []).map((topic) => `
${escapeHtml(topic)}`).join("")}
${sourceLinks}
`;
const rawRunContent = `${escapeHtml(JSON.stringify(run, null, 2))}`;
const rawAdvisoryContent = `${escapeHtml(JSON.stringify(advisory, null, 2))}`;
const rawProfileContent = `${escapeHtml(JSON.stringify(profile, null, 2))}`;
$("detailWorkspace").innerHTML = `
${escapeHtml(formatStatus(run.verification_status))}
${escapeHtml(run.system_id)}
${escapeHtml(run.repro_profile_id)}
${escapeHtml(run.verification_mode || "-")}
${escapeHtml(run.target_env || "-")}
${escapeHtml(advisory.title || run.advisory_id)}
${escapeHtml(advisory.summary || "当前漏洞条目没有摘要。")}
时间线步骤
${escapeHtml(run.timeline?.length || 0)}
Artifact 数
${escapeHtml(artifactCount)}
浏览器证据
${escapeHtml(browserStatus)}
完成时间
${escapeHtml(timeAgo(run.finished_at))}
${renderPanel("timeline", "进度时间线", `${escapeHtml(run.timeline?.length || 0)} 步`, "timeline", timelineContent)}
${renderPanel("reasoning", "攻击方案与推理", escapeHtml(profile.vuln_family || "未定义"), "reasoning", reasoningContent)}
${renderPanel("evidence", "证据浏览器", `${escapeHtml(run.artifact_groups?.length || 0)} 组`, "evidence", evidenceContent)}
${renderPanel("logs", "实时日志查看器", state.selectedArtifact ? "已选产物" : "等待选择", "logs", logContent)}
${renderPanel("sources", "来源与修复主题", `${escapeHtml((advisory.secondary_source_urls || []).length + (advisory.official_source_url ? 1 : 0))} 条链接`, "sources", sourcesContent)}
${renderArchitecturePanel()}
${renderPanel("run_json", "运行 JSON", "原始数据", "json", rawRunContent)}
${renderPanel("advisory_json", "漏洞条目 JSON", "原始数据", "json", rawAdvisoryContent)}
${renderPanel("profile_json", "复现档案 JSON", "原始数据", "json", rawProfileContent)}
`;
bindPanelToggles();
document.querySelectorAll("[data-artifact]").forEach((button) => {
button.addEventListener("click", () => openArtifact(button.dataset.href, button.dataset.label, button.dataset.kind));
});
$("viewerRefresh")?.addEventListener("click", () => {
if (state.selectedArtifact) {
openArtifact(state.selectedArtifact.href, state.selectedArtifact.label, state.selectedArtifact.kind);
}
});
const artifactExists = (run.artifact_groups || []).some((group) => group.items.some((item) => item.href === state.selectedArtifact?.href));
const defaultItem = artifactExists ? state.selectedArtifact : defaultArtifact(run);
if (defaultItem) {
openArtifact(defaultItem.href, defaultItem.label, defaultItem.kind);
}
}
function renderAll() {
renderMetrics();
renderSystems();
renderRecentFailures();
renderRunQueue();
renderDetail();
}
function attachGlobalEvents() {
$("searchInput").addEventListener("input", (event) => {
state.filters.search = String(event.target.value || "").trim().toLowerCase();
renderRunQueue();
});
[
["systemFilter", "system"],
["statusFilter", "status"],
["profileFilter", "profile"]
].forEach(([id, key]) => {
$(id).addEventListener("input", (event) => {
state.filters[key] = String(event.target.value || "");
renderRunQueue();
});
});
$("refreshDashboard").addEventListener("click", () => loadData(false));
$("autoRefresh").addEventListener("change", (event) => {
state.autoRefresh = Boolean(event.target.checked);
startRefreshLoop();
});
}
function startRefreshLoop() {
if (state.refreshHandle) {
clearInterval(state.refreshHandle);
state.refreshHandle = null;
}
if (!state.autoRefresh) return;
state.refreshHandle = setInterval(() => loadData(true), state.refreshMs);
}
async function loadData(preserveSelection = true) {
const previous = state.selectedRunId;
renderSyncState("loading", "刷新中", `本地时间 ${new Date().toLocaleTimeString("zh-CN", { hour12: false })}`);
try {
const [summary, runs, systems, advisories, profiles, architecture] = await Promise.all([
fetchJson("./summary.json"),
fetchJson("./runs.json"),
fetchJson("./systems.json"),
fetchJson("./advisories.json"),
fetchJson("./profiles.json"),
fetchJson("./architecture.json")
]);
state.summary = summary;
state.runs = runs;
state.systems = systems;
state.advisories = advisories;
state.profiles = profiles;
state.architecture = architecture;
hydrateFilters();
const hashRun = location.hash.startsWith("#run=") ? location.hash.replace("#run=", "") : null;
const candidate = preserveSelection ? (hashRun || previous) : hashRun;
if (candidate && runs.some((item) => item.run_id === candidate)) {
state.selectedRunId = candidate;
} else {
state.selectedRunId = runs[0]?.run_id || null;
}
renderAll();
renderSyncState("live", "实时同步", `最近生成 ${formatDateTime(summary.generated_at || new Date().toISOString())}`);
} catch (error) {
$("runQueue").innerHTML = `工作台加载失败:${escapeHtml(error.message)}
`;
$("detailWorkspace").innerHTML = `加载失败
${escapeHtml(error.message)}