# 全库 Advisory 完整度报告

- 生成时间: `2026-03-18T21:23:23+00:00`
- 最新 advisory 完整度: `89/89` `verified-real`
- 合成验证数量: `0`
- 阻塞数量: `0`
- 人工/待补证据数量: `0`
- 完整度百分比: `100.0%`
- active source 全绿: `125/125`
- source open alerts: `0`
- 最近一次 source 全绿: `2026-03-18T21:09:25+00:00`

## 系统覆盖矩阵

| 系统 | 总数 | verified-real | verified-synthetic | blocked | manual | family 覆盖 |
| --- | ---: | ---: | ---: | ---: | ---: | --- |
| gitea | 37 | 37 | 0 | 0 | 0 | authz-bypass(3/3), file-upload(2/2), proxy-boundary(26/26), ssrf(1/1), xss(5/5) |
| nextjs | 26 | 26 | 0 | 0 | 0 | authz-bypass(2/2), deserialization(1/1), proxy-boundary(19/19), ssrf(2/2), xss(2/2) |
| undici | 14 | 14 | 0 | 0 | 0 | ssrf(14/14) |
| vite | 12 | 12 | 0 | 0 | 0 | proxy-boundary(11/11), xss(1/1) |

## 历史阻塞项修复纪要

- Docker daemon unavailable caused provision-compose-environment blocked-artifact.
- Family profiles previously used note-only attack runners and dry-run placeholders.
- Baseline and browser steps were skipped when environment readiness was not enforced.
- Latest completeness now uses one advisory -> latest run semantics instead of historical run piles.
- Source health now counts only status=active sources; retired sources are audited separately with replacement links.

## Ingest / Source 健康度

- source failures: `0`
- active sources: `125`
- green sources: `125`
- open alerts: `0`

## 剩余风险说明

- 本报告按 advisory 的最新 run 计算；历史失败 run 仅保留审计价值，不再污染完整度数字。
- `browser_required=true` 的案例必须同时存在基线与攻击后浏览器证据，缺失则不会进入 `verified-real`。
- source collector 健康度单独计数；只有当 failures 归零时，报告与 dashboard 才算真正全绿。