Add files via upload

2026-06-21 13:30:16 +02:00 · 2026-06-20 19:35:06 +08:00
parent 56d597e0c5
commit 90cd119a83
16 changed files with 2273 additions and 132 deletions
@@ -2464,17 +2464,108 @@ func (h *OpenAPIHandler) GetOpenAPISpec(c *gin.Context) {
 					"parameters": []map[string]interface{}{
 						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
 						{"name": "fact_key", "in": "query", "schema": map[string]interface{}{"type": "string"}},
+						{"name": "include_links", "in": "query", "schema": map[string]interface{}{"type": "boolean"}},
+						{"name": "include_link_counts", "in": "query", "schema": map[string]interface{}{"type": "boolean"}},
 					},
-					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "事实列表或单条"}},
+					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "事实列表或单条（可含 link_counts / outgoing_links）"}},
 				},
 				"post": map[string]interface{}{
 					"tags": []string{"项目管理"}, "summary": "创建/更新事实", "operationId": "upsertProjectFactREST",
 					"parameters": []map[string]interface{}{
 						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
 					},
+					"requestBody": map[string]interface{}{
+						"required": true,
+						"content": map[string]interface{}{
+							"application/json": map[string]interface{}{
+								"schema": map[string]interface{}{
+									"type": "object",
+									"properties": map[string]interface{}{
+										"fact_key": map[string]interface{}{"type": "string"},
+										"summary":  map[string]interface{}{"type": "string"},
+										"links": map[string]interface{}{
+											"type": "array",
+											"items": map[string]interface{}{
+												"type": "object",
+												"properties": map[string]interface{}{
+													"to":   map[string]interface{}{"type": "string"},
+													"type": map[string]interface{}{"type": "string"},
+												},
+											},
+										},
+										"links_text": map[string]interface{}{"type": "string", "description": "type: fact_key 每行一条"},
+									},
+								},
+							},
+						},
+					},
 					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "成功"}},
 				},
 			},
+			"/api/projects/{id}/fact-graph": map[string]interface{}{
+				"get": map[string]interface{}{
+					"tags": []string{"项目管理"}, "summary": "获取项目事实攻击路径图", "operationId": "getProjectFactGraph",
+					"parameters": []map[string]interface{}{
+						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+						{"name": "view", "in": "query", "schema": map[string]interface{}{"type": "string", "enum": []string{"path", "full"}, "default": "path"}},
+						{"name": "exclude_deprecated", "in": "query", "schema": map[string]interface{}{"type": "boolean", "default": true}},
+					},
+					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "nodes + edges"}},
+				},
+			},
+			"/api/projects/{id}/fact-edges": map[string]interface{}{
+				"get": map[string]interface{}{
+					"tags": []string{"项目管理"}, "summary": "列出项目全部事实边", "operationId": "listProjectFactEdges",
+					"parameters": []map[string]interface{}{
+						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+					},
+					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "边列表"}},
+				},
+				"post": map[string]interface{}{
+					"tags": []string{"项目管理"}, "summary": "添加事实边", "operationId": "createProjectFactEdge",
+					"parameters": []map[string]interface{}{
+						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+					},
+					"requestBody": map[string]interface{}{
+						"required": true,
+						"content": map[string]interface{}{
+							"application/json": map[string]interface{}{
+								"schema": map[string]interface{}{
+									"type": "object",
+									"required": []string{"source_fact_key", "target_fact_key", "edge_type"},
+									"properties": map[string]interface{}{
+										"source_fact_key": map[string]interface{}{"type": "string"},
+										"target_fact_key": map[string]interface{}{"type": "string"},
+										"edge_type":       map[string]interface{}{"type": "string"},
+										"confidence":      map[string]interface{}{"type": "string"},
+									},
+								},
+							},
+						},
+					},
+					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "边已创建"}},
+				},
+			},
+			"/api/projects/{id}/fact-edges/{edgeId}": map[string]interface{}{
+				"delete": map[string]interface{}{
+					"tags": []string{"项目管理"}, "summary": "删除事实边", "operationId": "deleteProjectFactEdge",
+					"parameters": []map[string]interface{}{
+						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+						{"name": "edgeId", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+					},
+					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "删除成功"}},
+				},
+			},
+			"/api/projects/{id}/promote-attack-chain/{conversationId}": map[string]interface{}{
+				"post": map[string]interface{}{
+					"tags": []string{"项目管理"}, "summary": "将对话攻击链沉淀到项目事实图", "operationId": "promoteAttackChainToProject",
+					"parameters": []map[string]interface{}{
+						{"name": "id", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+						{"name": "conversationId", "in": "path", "required": true, "schema": map[string]interface{}{"type": "string"}},
+					},
+					"responses": map[string]interface{}{"200": map[string]interface{}{"description": "沉淀结果（facts/edges/graph）"}},
+				},
+			},
 			"/api/vulnerabilities": map[string]interface{}{
 				"get": map[string]interface{}{
 					"tags":        []string{"漏洞管理"},
@@ -1,10 +1,12 @@
 package handler

 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"

+	"cyberstrike-ai/internal/attackchain"
 	"cyberstrike-ai/internal/database"
 	"cyberstrike-ai/internal/project"

@@ -223,26 +225,102 @@ func (h *ProjectHandler) DeleteProject(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"success": true})
 }

+type factLinkRequest struct {
+	From       string `json:"from"`
+	Type       string `json:"type"`
+	Confidence string `json:"confidence,omitempty"`
+}
+
 type upsertFactRequest struct {
-	FactKey                string `json:"fact_key" binding:"required"`
-	Category               string `json:"category"`
-	Summary                string `json:"summary" binding:"required"`
-	Body                   string `json:"body"`
-	Confidence             string `json:"confidence"`
-	Pinned                 bool   `json:"pinned"`
-	RelatedVulnerabilityID string `json:"related_vulnerability_id"`
+	FactKey                string            `json:"fact_key" binding:"required"`
+	Category               string            `json:"category"`
+	Summary                string            `json:"summary" binding:"required"`
+	Body                   string            `json:"body"`
+	Confidence             string            `json:"confidence"`
+	Pinned                 bool              `json:"pinned"`
+	RelatedVulnerabilityID string            `json:"related_vulnerability_id"`
+	Links                  []factLinkRequest `json:"links"`
+	LinksText              *string           `json:"links_text"`
 }

 // updateFactRequest 部分更新事实；指针字段省略=不修改，body 传 "" 可清空（仍走 merge 逻辑见 Upsert）。
 type updateFactRequest struct {
-	FactKey                *string `json:"fact_key"`
-	Category               *string `json:"category"`
-	Summary                *string `json:"summary"`
-	Body                   *string `json:"body"`
-	Confidence             *string `json:"confidence"`
-	Pinned                 *bool   `json:"pinned"`
-	RelatedVulnerabilityID *string `json:"related_vulnerability_id"`
-	ClearBody              bool    `json:"clear_body"`
+	FactKey                *string            `json:"fact_key"`
+	Category               *string            `json:"category"`
+	Summary                *string            `json:"summary"`
+	Body                   *string            `json:"body"`
+	Confidence             *string            `json:"confidence"`
+	Pinned                 *bool              `json:"pinned"`
+	RelatedVulnerabilityID *string            `json:"related_vulnerability_id"`
+	ClearBody              bool               `json:"clear_body"`
+	Links                  *[]factLinkRequest `json:"links"`
+	LinksText              *string            `json:"links_text"`
+}
+
+func factLinksFromRequest(links []factLinkRequest, linksText *string) (*project.ParsedFactLinks, error) {
+	if len(links) > 0 {
+		parsed := &project.ParsedFactLinks{}
+		for i, l := range links {
+			from := strings.TrimSpace(l.From)
+			edgeType := strings.TrimSpace(l.Type)
+			if from == "" {
+				return nil, fmt.Errorf("links[%d] 须含 from", i)
+			}
+			if edgeType == "" {
+				return nil, fmt.Errorf("links[%d] 须含 type", i)
+			}
+			parsed.Incoming = append(parsed.Incoming, database.ProjectFactEdgeFromInput{
+				From: from, Type: edgeType, Confidence: strings.TrimSpace(l.Confidence),
+			})
+		}
+		return parsed, nil
+	}
+	if linksText != nil {
+		in, err := project.ParseFactLinksText(*linksText)
+		if err != nil {
+			return nil, err
+		}
+		return &project.ParsedFactLinks{Incoming: in}, nil
+	}
+	return &project.ParsedFactLinks{Incoming: []database.ProjectFactEdgeFromInput{}}, nil
+}
+
+type factWithLinksResponse struct {
+	*database.ProjectFact
+	OutgoingLinks []*database.ProjectFactEdge `json:"outgoing_links,omitempty"`
+	IncomingLinks []*database.ProjectFactEdge `json:"incoming_links,omitempty"`
+	LinkCounts    *project.LinkCounts         `json:"link_counts,omitempty"`
+}
+
+func (h *ProjectHandler) applyFactLinksAfterUpsert(projectID string, fact *database.ProjectFact, links []factLinkRequest, linksText *string, explicitLinks, parseBody bool) error {
+	if explicitLinks {
+		parsed, err := factLinksFromRequest(links, linksText)
+		if err != nil {
+			return err
+		}
+		return project.PersistFactLinksFromParsed(h.db, projectID, fact.FactKey, fact.SourceConversationID, parsed, true)
+	}
+	if parseBody {
+		inputs := project.ParseLinksFromBody(fact.Body)
+		if inputs == nil {
+			return nil
+		}
+		return project.PersistFactIncomingLinks(h.db, projectID, fact.FactKey, inputs, true)
+	}
+	return nil
+}
+
+func (h *ProjectHandler) factResponseWithLinks(projectID string, f *database.ProjectFact, includeLinks bool) interface{} {
+	if !includeLinks || f == nil {
+		return f
+	}
+	out, _ := h.db.ListOutgoingProjectFactEdges(projectID, f.FactKey)
+	in, _ := h.db.ListIncomingProjectFactEdges(projectID, f.FactKey)
+	return &factWithLinksResponse{
+		ProjectFact:   f,
+		OutgoingLinks: out,
+		IncomingLinks: in,
+	}
 }

 // ListFacts GET /api/projects/:id/facts （fact_key 查询参数可获取单条详情）
@@ -254,7 +332,8 @@ func (h *ProjectHandler) ListFacts(c *gin.Context) {
 			c.JSON(http.StatusNotFound, gin.H{"error": err.Error()})
 			return
 		}
-		c.JSON(http.StatusOK, f)
+		includeLinks := c.Query("include_links") == "1" || c.Query("include_links") == "true"
+		c.JSON(http.StatusOK, h.factResponseWithLinks(projectID, f, includeLinks))
 		return
 	}
 	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "100"))
@@ -285,7 +364,52 @@ func (h *ProjectHandler) ListFacts(c *gin.Context) {
 		}
 		list = filtered
 	}
-	c.JSON(http.StatusOK, list)
+	includeLinkCounts := c.Query("include_link_counts") == "1" || c.Query("include_link_counts") == "true"
+	if !includeLinkCounts {
+		c.JSON(http.StatusOK, list)
+		return
+	}
+	counts, err := project.LoadProjectFactLinkCounts(h.db, projectID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	out := make([]factWithLinksResponse, 0, len(list))
+	for _, f := range list {
+		item := factWithLinksResponse{ProjectFact: f}
+		if c, ok := counts[f.FactKey]; ok {
+			cc := c
+			item.LinkCounts = &cc
+		}
+		out = append(out, item)
+	}
+	c.JSON(http.StatusOK, out)
+}
+
+// GetFactGraph GET /api/projects/:id/fact-graph?view=path|full
+func (h *ProjectHandler) GetFactGraph(c *gin.Context) {
+	projectID := c.Param("id")
+	if _, err := h.db.GetProject(projectID); err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "项目不存在"})
+		return
+	}
+	view := c.DefaultQuery("view", "path")
+	excludeDeprecated := true
+	if v := c.Query("exclude_deprecated"); v == "0" || v == "false" {
+		excludeDeprecated = false
+	}
+	graph, err := project.BuildProjectFactGraph(h.db, projectID, view, excludeDeprecated)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	if graph.Nodes == nil {
+		graph.Nodes = []database.ProjectFactGraphNode{}
+	}
+	if graph.Edges == nil {
+		graph.Edges = []database.ProjectFactGraphEdge{}
+	}
+	c.JSON(http.StatusOK, graph)
 }

 // CreateFact POST /api/projects/:id/facts
@@ -295,8 +419,9 @@ func (h *ProjectHandler) CreateFact(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
+	projectID := c.Param("id")
 	f := &database.ProjectFact{
-		ProjectID:              c.Param("id"),
+		ProjectID:              projectID,
 		FactKey:                req.FactKey,
 		Category:               req.Category,
 		Summary:                req.Summary,
@@ -310,16 +435,24 @@ func (h *ProjectHandler) CreateFact(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
-	c.JSON(http.StatusOK, created)
+	explicitLinks := req.Links != nil || req.LinksText != nil
+	if err := h.applyFactLinksAfterUpsert(projectID, created, req.Links, req.LinksText, explicitLinks, !explicitLinks); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	created, _ = h.db.GetProjectFactByKey(projectID, created.FactKey)
+	c.JSON(http.StatusOK, h.factResponseWithLinks(projectID, created, true))
 }

 // UpdateFact PUT /api/projects/:id/facts/:factId
 func (h *ProjectHandler) UpdateFact(c *gin.Context) {
+	projectID := c.Param("id")
 	existing, err := h.db.GetProjectFact(c.Param("factId"))
-	if err != nil || existing.ProjectID != c.Param("id") {
+	if err != nil || existing.ProjectID != projectID {
 		c.JSON(http.StatusNotFound, gin.H{"error": "事实不存在"})
 		return
 	}
+	oldFactKey := existing.FactKey
 	var req updateFactRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
@@ -355,7 +488,29 @@ func (h *ProjectHandler) UpdateFact(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
-	c.JSON(http.StatusOK, updated)
+	if oldFactKey != updated.FactKey {
+		if err := h.db.RenameProjectFactKeyEdges(projectID, oldFactKey, updated.FactKey); err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+			return
+		}
+	}
+	if req.Links != nil || req.LinksText != nil {
+		var links []factLinkRequest
+		if req.Links != nil {
+			links = *req.Links
+		}
+		if err := h.applyFactLinksAfterUpsert(projectID, updated, links, req.LinksText, true, false); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+	} else if req.ClearBody || req.Body != nil {
+		if err := h.applyFactLinksAfterUpsert(projectID, updated, nil, nil, false, true); err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+	}
+	updated, _ = h.db.GetProjectFactByKey(projectID, updated.FactKey)
+	c.JSON(http.StatusOK, h.factResponseWithLinks(projectID, updated, true))
 }

 // DeleteFact DELETE /api/projects/:id/facts/:factId
@@ -408,3 +563,82 @@ func (h *ProjectHandler) RestoreFact(c *gin.Context) {
 	}
 	c.JSON(http.StatusOK, gin.H{"success": true})
 }
+
+type createFactEdgeRequest struct {
+	SourceFactKey string `json:"source_fact_key" binding:"required"`
+	TargetFactKey string `json:"target_fact_key" binding:"required"`
+	EdgeType      string `json:"edge_type" binding:"required"`
+	Confidence    string `json:"confidence"`
+}
+
+// ListFactEdges GET /api/projects/:id/fact-edges
+func (h *ProjectHandler) ListFactEdges(c *gin.Context) {
+	projectID := c.Param("id")
+	edges, err := h.db.ListProjectFactEdgesByProject(projectID)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	if edges == nil {
+		edges = []*database.ProjectFactEdge{}
+	}
+	c.JSON(http.StatusOK, edges)
+}
+
+// CreateFactEdge POST /api/projects/:id/fact-edges
+func (h *ProjectHandler) CreateFactEdge(c *gin.Context) {
+	projectID := c.Param("id")
+	var req createFactEdgeRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	edge, err := h.db.AddProjectFactEdge(projectID, database.ProjectFactEdgeInput{
+		To:         req.TargetFactKey,
+		Type:       req.EdgeType,
+		Confidence: req.Confidence,
+	}, req.SourceFactKey, "")
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	if f, err := h.db.GetProjectFactByKey(projectID, req.TargetFactKey); err == nil {
+		in, _ := h.db.ListIncomingProjectFactEdges(projectID, req.TargetFactKey)
+		f.Body = project.SyncBodyLinksSection(f.Body, in)
+		_, _ = h.db.UpsertProjectFact(f)
+	}
+	c.JSON(http.StatusOK, edge)
+}
+
+// DeleteFactEdge DELETE /api/projects/:id/fact-edges/:edgeId
+func (h *ProjectHandler) DeleteFactEdge(c *gin.Context) {
+	projectID := c.Param("id")
+	edgeID := c.Param("edgeId")
+	edge, err := h.db.GetProjectFactEdge(edgeID)
+	if err != nil || edge.ProjectID != projectID {
+		c.JSON(http.StatusNotFound, gin.H{"error": "边不存在"})
+		return
+	}
+	if err := h.db.DeleteProjectFactEdge(edgeID); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	if f, err := h.db.GetProjectFactByKey(projectID, edge.TargetFactKey); err == nil {
+		in, _ := h.db.ListIncomingProjectFactEdges(projectID, edge.TargetFactKey)
+		f.Body = project.SyncBodyLinksSection(f.Body, in)
+		_, _ = h.db.UpsertProjectFact(f)
+	}
+	c.JSON(http.StatusOK, gin.H{"success": true})
+}
+
+// PromoteAttackChain POST /api/projects/:id/promote-attack-chain/:conversationId
+func (h *ProjectHandler) PromoteAttackChain(c *gin.Context) {
+	projectID := c.Param("id")
+	conversationID := c.Param("conversationId")
+	result, err := attackchain.PromoteToProject(h.db, projectID, conversationID)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, result)
+}