From 7585b9d60327d22998ad81466019cb73ad37e008 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=85=AC=E6=98=8E?= <83812544+Ed1s0nZ@users.noreply.github.com> Date: Thu, 25 Dec 2025 22:42:19 +0800 Subject: [PATCH] Add files via upload --- README.md | 7 ++++++- README_CN.md | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2249e749..9bf089b6 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ CyberStrikeAI is an **AI-native penetration-testing copilot** built in Go. It co - 🔒 Password-protected web UI, audit logs, and SQLite persistence - 📚 Knowledge base with vector search and hybrid retrieval for security expertise - 📁 Conversation grouping with pinning, rename, and batch management +- 🛡️ Vulnerability management with CRUD operations, severity tracking, status workflow, and statistics ## Tool Overview @@ -107,6 +108,7 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain: - **Tool monitor** – Inspect running jobs, execution logs, and large-result attachments. - **History & audit** – Every conversation and tool invocation is stored in SQLite with replay. - **Conversation groups** – Organize conversations into groups, pin important groups, rename or delete groups via context menu. +- **Vulnerability management** – Create, update, and track vulnerabilities discovered during testing. Filter by severity (critical/high/medium/low/info), status (open/confirmed/fixed/false_positive), and conversation. View statistics and export findings. - **Settings** – Tweak provider keys, MCP enablement, tool toggles, and agent iteration limits. ### Built-in Safeguards 
@@ -215,8 +217,10 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain: - Each Markdown file becomes a knowledge item with automatic chunking for vector search. - The system supports incremental updates – modified files are re-indexed automatically. + ### Automation Hooks -- **REST APIs** – everything the UI uses (auth, conversations, tool runs, monitor) is available over JSON. +- **REST APIs** – everything the UI uses (auth, conversations, tool runs, monitor, vulnerabilities) is available over JSON. +- **Vulnerability APIs** – manage vulnerabilities via `/api/vulnerabilities` endpoints: `GET /api/vulnerabilities` (list with filters), `POST /api/vulnerabilities` (create), `GET /api/vulnerabilities/:id` (get), `PUT /api/vulnerabilities/:id` (update), `DELETE /api/vulnerabilities/:id` (delete), `GET /api/vulnerabilities/stats` (statistics). - **Task control** – pause/resume/stop long scans, re-run steps with new params, or stream transcripts. - **Audit & security** – rotate passwords via `/api/auth/change-password`, enforce short-lived sessions, and restrict MCP ports at the network layer when exposing the service. 
@@ -314,6 +318,7 @@ Build an attack chain for the latest engagement and export the node list with se ## Changelog (Recent) +- 2025-12-25 – Added vulnerability management feature: full CRUD operations for tracking vulnerabilities discovered during testing. Supports severity levels (critical/high/medium/low/info), status workflow (open/confirmed/fixed/false_positive), filtering by conversation/severity/status, and comprehensive statistics dashboard. - 2025-12-25 – Added conversation grouping feature: organize conversations into groups, pin groups to top, rename/delete groups via context menu. All group data is persisted in the database. - 2025-12-24 – Refactored attack chain generation logic, achieving 2x faster generation speed. Redesigned attack chain frontend visualization for improved user experience. - 2025-12-20 – Added knowledge base feature with vector search, hybrid retrieval, and automatic indexing. AI agent can now search security knowledge during conversations. diff --git a/README_CN.md b/README_CN.md index 10d25ccc..7bb68d72 100644 --- a/README_CN.md +++ b/README_CN.md @@ -32,6 +32,7 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**,以 Go 编写,内 - 🔒 Web 登录保护、审计日志、SQLite 持久化 - 📚 知识库功能:向量检索与混合搜索,为 AI 提供安全专业知识 - 📁 对话分组管理:支持分组创建、置顶、重命名、删除等操作 +- 🛡️ 漏洞管理功能:完整的漏洞 CRUD 操作,支持严重程度分级、状态流转、按对话/严重程度/状态过滤,以及统计看板 ## 工具概览 @@ -106,6 +107,7 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**,以 Go 编写,内 - **工具监控**:查看任务队列、执行日志、大文件附件。 - **会话历史**:所有对话与工具调用保存在 SQLite,可随时重放。 - **对话分组**:将对话按项目或主题组织到不同分组,支持置顶、重命名、删除等操作,所有数据持久化存储。 +- **漏洞管理**:在测试过程中创建、更新和跟踪发现的漏洞。支持按严重程度(严重/高/中/低/信息)、状态(待确认/已确认/已修复/误报)和对话进行过滤,查看统计信息并导出发现。 - **可视化配置**:在界面中切换模型、启停工具、设置迭代次数等。 ### 默认安全措施 
@@ -214,8 +216,10 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**,以 Go 编写,内 - 每个 Markdown 文件自动切块并生成向量嵌入。 - 支持增量更新,修改后的文件会自动重新索引。 + ### 自动化与安全 -- **REST API**:认证、会话、任务、监控等接口全部开放,可与 CI/CD 集成。 +- **REST API**:认证、会话、任务、监控、漏洞管理等接口全部开放,可与 CI/CD 集成。 +- **漏洞管理 API**:通过 `/api/vulnerabilities` 端点管理漏洞:`GET /api/vulnerabilities`(列表,支持过滤)、`POST /api/vulnerabilities`(创建)、`GET /api/vulnerabilities/:id`(获取)、`PUT /api/vulnerabilities/:id`(更新)、`DELETE /api/vulnerabilities/:id`(删除)、`GET /api/vulnerabilities/stats`(统计)。 - **任务控制**:支持暂停/终止长任务、修改参数后重跑、流式获取日志。 - **安全管理**:`/api/auth/change-password` 可即时轮换口令;建议在暴露 MCP 端口时配合网络层 ACL。 @@ -312,6 +316,7 @@ CyberStrikeAI/ ``` ## Changelog(近期) +- 2025-12-25 —— 新增漏洞管理功能:完整的漏洞 CRUD 操作,支持跟踪测试过程中发现的漏洞。支持严重程度分级(严重/高/中/低/信息)、状态流转(待确认/已确认/已修复/误报)、按对话/严重程度/状态过滤,以及统计看板。 - 2025-12-25 —— 新增对话分组功能:支持创建分组、将对话移动到分组、分组置顶、重命名和删除等操作,所有分组数据持久化存储到数据库。 - 2025-12-24 —— 重构攻击链生成逻辑,生成速度提升一倍。重构攻击链前端页面展示,优化用户体验。 - 2025-12-20 —— 新增知识库功能:支持向量检索、混合搜索与自动索引,AI 智能体可在对话中自动搜索安全知识。
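Review bot: In the README.md hunk at `@@ -107,6 +108,7 @@`, the new "Vulnerability management" bullet ends with "export findings", but export appears nowhere else in this patch: not in the feature bullet added at `@@ -33,6 +33,7 @@`, not in the endpoint list, and not in the changelog entry. Either say how findings are exported (UI action, format, endpoint) or drop the claim so the three descriptions agree.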
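Review bot: In the README.md hunk at `@@ -215,8 +217,10 @@`, the "Vulnerability APIs" bullet lists `GET /api/vulnerabilities/stats` alongside `GET /api/vulnerabilities/:id`, so the docs should state that `stats` is a reserved segment and never a valid id. The same bullet says "list with filters" without naming the query parameters, and it does not say whether these endpoints sit behind the same authenticated session as the rest of the API, which matters for a store of findings that includes `DELETE`. The hunk also adds an empty line before `### Automation Hooks` that looks unintentional.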
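Review bot: The changelog entry added in the README.md hunk at `@@ -314,6 +318,7 @@` calls `open/confirmed/fixed/false_positive` a "status workflow" but only lists the four values; if transitions are restricted, state which ones are allowed, otherwise call it a status field. "Comprehensive statistics dashboard" would also read better if it named what is counted (for example by severity and by status). Separately, the subject line "Add files via upload" does not describe the change; a subject derived from this changelog sentence would make the history searchable.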
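Review bot: In the README_CN.md hunk at `@@ -32,6 +32,7 @@`, the feature bullet mentions filtering by conversation/severity/status and a statistics dashboard (统计看板), while the matching README.md bullet at `@@ -33,6 +33,7 @@` lists only "CRUD operations, severity tracking, status workflow, and statistics". Bring the two bullets in line so both languages describe the same feature set.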
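Review bot: In the README_CN.md hunks at `@@ -106,6 +107,7 @@` and `@@ -312,6 +316,7 @@`, the severity and status values are given only as translated labels (严重/高/中/低/信息 and 待确认/已确认/已修复/误报), while README.md gives them as `critical/high/medium/low/info` and `open/confirmed/fixed/false_positive`. A reader scripting against `/api/vulnerabilities` needs the literal values, and 待确认 ("pending confirmation") is not an obvious match for `open`. Suggest keeping the English identifiers next to each Chinese label, for example 待确认 (`open`).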