Ed1s0nZ/CyberStrikeAI
CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.
To fix cross-project file contamination from agents downloading and reading assets under the shared system /tmp, CyberStrikeAI now provisions an isolated session workspace under tmp/workspace/—projects/<projectId>/ when a conversation is project-bound, otherwise conversations/<conversationId>/. The directory is created on each agent run and injected into the system prompt for all four main modes (eino_single, deep, plan_execute, supervisor), directing downloads and local analysis (read_file/glob/grep) away from /tmp. The root path is configurable via agent.workspace_root_dir; unbound conversations clean up on delete, and project workspaces are removed when the project is deleted.
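The directory selection described above, as an added Go example (not CyberStrikeAI's own code). Only the projects/<projectId>/ and conversations/<conversationId>/ layout comes from the entry; the helper names, the ID allow-list and the lexical containment check are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// safeID is an assumed allow-list; the page does not give the real ID format.
var safeID = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// within reports whether target stays under base after ".." is cleaned.
// It is lexical only and does not resolve symlinks.
func within(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// sessionWorkspace (hypothetical helper) picks projects/<projectID>/ when the
// conversation is project-bound, else conversations/<conversationID>/.
func sessionWorkspace(root, projectID, conversationID string) (string, error) {
	kind, id := "conversations", conversationID
	if projectID != "" {
		kind, id = "projects", projectID
	}
	if !safeID.MatchString(id) {
		return "", fmt.Errorf("unsafe %s id %q", kind, id)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	dir := filepath.Join(absRoot, kind, id)
	if !within(absRoot, dir) { // defence in depth behind the allow-list
		return "", fmt.Errorf("workspace %q escapes root", dir)
	}
	return dir, os.MkdirAll(dir, 0o700) // callers must check the error before use
}

func main() {
	root := filepath.Join(os.TempDir(), "example-workspace") // constructed root
	for _, ids := range [][2]string{{"proj-1", "conv-9"}, {"", "conv-9"}, {"../../etc", "conv-9"}} {
		dir, err := sessionWorkspace(root, ids[0], ids[1])
		fmt.Printf("project=%q conversation=%q -> %q err=%v\n", ids[0], ids[1], dir, err)
	}
}
```

The same `within` check can gate any path an agent asks to read, so a file request cannot step from one project's directory into another's.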
Batch task queues now support configurable concurrent execution (default serial, up to 8 workers). Set concurrency when creating or editing a queue; tasks are claimed atomically with executor deduplication for safer parallel runs. Also fixes several task-management edge cases, including delete guards while executing, stuck-cancel cleanup, and single-task rerun state handling.
To fix lag when switching between long-running chat sessions, we implemented three layers of progressive loading: session switches no longer prefetch the last message’s penetration details and rely on the lightweight API (include_process_details=0); full process details load only when the user clicks “Expand details”; within the timeline, each tool call renders as a header-only row until clicked, with large timelines painted in batches via requestAnimationFrame. In-flight tasks are unchanged and still resume through the task-events replay stream.
CyberStrikeAI Project Management adds an **Attack Path** view: alongside the existing fact table, an interactive directed graph (Cytoscape + ELK) turns the same `project_facts` and relationship edges into a clear chain from targets through findings to exploits. Agents maintain structure via `links` in `upsert_project_fact`; operators can connect edges, adjust confidence, and persist conversation attack chains. With an attack-path summary injected into the project blackboard index, cross-session work shifts from listing discoveries to seeing how they connect into an actionable, verifiable path.
Updated the timing of fact refreshes.
This update improves C2 session management UX and reliability: session/task lists refresh in real time via SSE; the detail view, task history, and info panel were redesigned to be more compact; Sleep/jitter settings no longer get overwritten by heartbeats and use a single custom modal; settings now support fetching the model list from the configured API; plus minor fixes for header button alignment and tab-switch focus flash.
This update unifies large tool-output handling by removing large_result_threshold, result_storage_dir, and query_execution_result. Outputs above reduction_max_length_for_trunc (50KB) are truncated via Eino reduction into <persisted-output> and saved under tmp/reduction/, scoped by project (projects/{projectID}/ when a project is bound, otherwise conversations/{conversationID}/).
All seven frontend libraries that previously loaded from the jsdelivr CDN were vendored under web/static/vendor/ and wired to local paths, so intranet/offline deployments no longer break when external CDNs are unreachable.
Fixed the projects page by calling syncAppModalBodyLock instead of the missing syncProjectsModalBodyLock function, loading router.js in <head> so switchPage is defined before nav clicks, and adding projects to hash-based routing.
This update adds resilient external MCP handling (including SSE long-lived connections): dead-connection detection, corrected client state, and auto-reconnect with exponential backoff, while avoiding races with manual stop or in-flight connects; the MCP management UI now polls status and shows disconnect reasons. It also fixes external tools not staying “always visible” under tool_search (config uses mcp::tool, runtime matches mcp__tool), and aligns the monitor UI with model-facing mcp__tool names instead of internal mcp::tool.
This update lands the Eino P0 stack—plantask task boards, checkpoint resume, ChatModel retries, and session output keys—and fixes a plantask path incompatibility that made the .highwatermark read fail on the second TaskCreate. It also adds the missing summarization transcript persistence to conversation_artifacts/.../transcript.txt, with best-practice filtering: full user/assistant/tool history plus dynamic project blackboard, while omitting static system prompts, tool indexes, and Skills boilerplate so models can recover technical details via read_file after context compression.
Each assistant segment now carries streamId and iteration. The UI only merges chunks within the same stream and clears stream state on tool_calls_detected and main-channel round changes, so Plan-Execute “Execution output” no longer overwrites earlier boxes. Persisted planning rows are split by streamId/iteration for consistency after refresh.
Fixed Plan-Execute 400 errors when reasoning was set to Off: previously Off meant omitting thinking parameters, but DeepSeek V4 models (such as deepseek-v4-flash) default to thinking enabled, which conflicts with Plan-Execute’s forced tool_choice. Off now always sends {"thinking": {"type": "disabled"}} on the Eino path, with no provider-specific detection required.
Fixed a fatal concurrent map read and map write panic ([Issue #142](https://github.com/Ed1s0nZ/CyberStrikeAI/issues/142)) when Eino ran multiple tools in parallel and concurrently invoked the progress callback in createProgressCallback. A per-callback sync.Mutex now serializes access to shared maps and aggregation state, preventing crashes without changing APIs, SSE events, or user-facing behavior; a concurrent -race test was added for regression coverage.
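An added Go example of the fix pattern this entry describes, not the project's createProgressCallback itself: a closure whose shared maps are guarded by one sync.Mutex while several tool goroutines report and read concurrently. The event type, map contents and function names are assumptions.

```go
package main

import (
	"fmt"
	"sync"
)

type progressEvent struct{ ToolCallID, Chunk string } // hypothetical event shape

// newProgressCallback returns a reporter and a snapshot reader over shared maps.
// One mutex guards every access; without it parallel tools crash the process.
func newProgressCallback() (report func(progressEvent), snapshot func() map[string][2]int) {
	var mu sync.Mutex
	events, size := map[string]int{}, map[string]int{} // per-call event count, output bytes
	report = func(ev progressEvent) {
		mu.Lock()
		defer mu.Unlock()
		events[ev.ToolCallID]++
		size[ev.ToolCallID] += len(ev.Chunk)
	}
	snapshot = func() map[string][2]int {
		mu.Lock()
		defer mu.Unlock()
		out := make(map[string][2]int, len(events))
		for id, n := range events {
			out[id] = [2]int{n, size[id]} // copy, so callers never hold the live maps
		}
		return out
	}
	return report, snapshot
}

// runParallelTools drives one shared callback from several tool goroutines.
func runParallelTools(tools, eventsPerTool int) map[string][2]int {
	report, snapshot := newProgressCallback()
	var wg sync.WaitGroup
	for i := 0; i < tools; i++ {
		wg.Add(1)
		go func(id string) {
			defer wg.Done()
			for j := 0; j < eventsPerTool; j++ {
				report(progressEvent{ToolCallID: id, Chunk: "chunk"}) // constructed event
				_ = snapshot()                                        // concurrent reader
			}
		}(fmt.Sprintf("call-%d", i))
	}
	wg.Wait()
	return snapshot()
}

func main() { fmt.Println(runParallelTools(4, 1000)) }
```

Running it under `go run -race` reports nothing; removing the two `mu.Lock()` calls makes the runtime abort with the fatal error quoted in the entry.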
This update completes the vision analysis (analyze_image) flow: a separate VL model via MCP reads local images and returns text-only summaries in agent context. Single- and multi-agent prompts inject image guidance only when vision is enabled with a model; captcha use cases get light hints in prompts, tool params, and the VL call. P0 fixes: chat uploads list paths only (no “read file contents” nudge), vision prompts gated on vision.Ready(), and orchestrator handoff templates for image/captcha paths. P1 adds README (EN/ZH), docs/VISION.md, and OpenAPI (VisionConfig, analyze_image, POST /api/config/test-vision). DingTalk/Lark/WeCom bots already share the same agent and vision tools, but inbound images are not supported yet—users must supply on-server file paths.
Robot chat now supports project management via commands such as 项目 / projects, 新建项目 / new project, 绑定项目 / bind project, and 解除项目 / unbind project, so bot conversations can create, bind, and unbind projects and use the shared fact board. The 当前 / current command also shows the bound project. Help text is grouped by category (General, Conversation, Role, Project) and uses plain-text formatting for IM clients. Backend changes are limited to internal/handler/robot.go; the settings page docs were updated accordingly.
This round of database optimization focused on SQLite stability and high-frequency workload efficiency: we standardized connection pool settings, tuned WAL pragmas (including auto-checkpoint and journal size limits), and added a background passive checkpoint loop to prevent long-term -wal growth. We also introduced lightweight update paths for heartbeat-style writes (instead of full upserts), enforced pagination bounds on limit/offset, and reinforced key indexes, which together reduce lock contention and slow-query risk.
1. Task management supports binding to a project; 2. Other bug fixes.
The main chat now uses smart stick-to-bottom: auto-follow during streaming, no scroll hijacking when you read history (with a “new content / scroll to bottom” hint), and the same follow behavior for live sends and post-refresh task replay. The chat “Select project” popover now includes a “New project” action at the bottom so users can create and bind a project to the current conversation without opening Project Management.
This release improves the project fact blackboard for audit-ready knowledge: summaries must state what, where, and how to verify; bodies must capture full attack chains and POCs, not conclusions alone. The backend enforces this via MCP tools, system prompts, and soft validation with templates; the frontend adds category presets, template insertion, body-completeness badges, and save warnings—so findings stay reproducible across sessions.
Added project management: create, edit, and archive projects in the Web UI; group conversations and vulnerabilities by project. Shared facts (project blackboard) persist cross-session context (targets, environment, auth notes) and are auto-injected into agent prompts. Agents can read/write the blackboard via MCP tools (e.g. upsert_project_fact, get_project_fact) for continuity across long-running engagements.
This update includes two key changes. First, transient retry behavior now resets after a successful segment, meaning retry count and backoff schedule start over from scratch on the next transient failure. Second, the main-agent iteration display no longer jumps backward during segmented resumes; we added an in-request iteration offset so UI rounds remain monotonic (e.g., no more “Round 3 → Round 1”).
This release adds automatic retry for transient Eino run errors (429, 5xx, network issues, etc.): the handler persists trace, applies exponential backoff (retry count and backoff cap are configurable), and resumes within the same session without injecting retry notices into the model context. The current user message is preserved across retries so the agent stays aligned with the latest request.
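The retry policy from this entry and the reset-after-success and iteration-offset changes in the entry before it, as one added Go example (not the project's handler). The error classification, the `result` type and the function names are assumptions, and segment outcomes are replayed from a constructed script.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// errTransient stands in for a 429/5xx/network classification (assumed).
var errTransient = errors.New("transient upstream error")

// result is one segment outcome: iterations done, run finished, ending error.
type result struct {
	iters int
	done  bool
	err   error
}

// runSegments (hypothetical) resumes until done; returns total iterations and delays used.
func runSegments(next func() result, maxRetries int, base, maxDelay time.Duration) (int, []time.Duration, error) {
	iterations, attempt := 0, 0
	var delays []time.Duration
	for {
		r := next()
		iterations += r.iters // cumulative offset: displayed rounds never jump back
		if r.err == nil {
			attempt = 0 // a successful segment resets retry count and backoff
			if r.done {
				return iterations, delays, nil
			}
			continue
		}
		if !errors.Is(r.err, errTransient) || attempt >= maxRetries {
			return iterations, delays, r.err
		}
		d := base << attempt // base, 2*base, 4*base, ... up to maxDelay
		if d > maxDelay {
			d = maxDelay
		}
		attempt++
		delays = append(delays, d)
		time.Sleep(d)
	}
}

func script(rs ...result) func() result { // replays constructed outcomes in order
	i := -1
	return func() result { i++; return rs[i] }
}

func main() {
	fail := result{err: errTransient}
	fmt.Println(runSegments(script(fail, fail, result{iters: 2}, fail, result{iters: 1, done: true}), 3, time.Millisecond, 8*time.Millisecond))
}
```

With the reset, the third delay in the sample run drops back to the base value; without it the sequence would keep doubling and reach the retry limit one failure sooner.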
This release improves System Settings → Log Audit: platform actions are recorded consistently (including conversation creation from all entry points), with filtering, pagination, and JSON/CSV export. The “open related resource” action is hidden when the resource was deleted or is gone, and the chat jump button script error is fixed. Retention uses retention_days (0 = no purge): one cleanup at startup, then an hourly check that deletes expired audit_logs while the process runs. Chat content and per-command terminal/WebShell logs are not audited.
Added a WeChat bot.
