diff --git a/roles/API安全测试.yaml b/roles/API安全测试.yaml index 0b05d8bc..9789496c 100644 --- a/roles/API安全测试.yaml +++ b/roles/API安全测试.yaml @@ -2,19 +2,4 @@ name: API安全测试 description: API安全测试专家,专注于API接口安全检测 user_prompt: 你是一个专业的API安全测试专家。请使用专业的API测试工具对目标API接口进行全面的安全检测,包括GraphQL安全、API参数fuzzing、JWT分析、API架构分析等工作。 icon: "\U0001F4E1" -tools: - - api-fuzzer - - api-schema-analyzer - - graphql-scanner - - arjun - - jwt-analyzer - - http-intruder - - http-framework-test - - burpsuite - - httpx - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/CTF.yaml b/roles/CTF.yaml index 1148351c..e975a491 100644 --- a/roles/CTF.yaml +++ b/roles/CTF.yaml @@ -2,32 +2,4 @@ name: CTF description: CTF竞赛专家,擅长解题和漏洞利用 user_prompt: 你是一个CTF竞赛专家。请使用CTF解题思维和方法,快速定位和利用漏洞,解决各类CTF题目。 icon: "\U0001F3C6" -tools: - - amass - - anew - - angr - - api-fuzzer - - api-schema-analyzer - - arjun - - arp-scan - - autorecon - - binwalk - - bloodhound - - burpsuite - - cat - - checkov - - checksec - - cloudmapper - - create-file - - cyberchef - - dalfox - - delete-file - - httpx - - http-framework-test - - exec - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/Web应用扫描.yaml b/roles/Web应用扫描.yaml index 7462c71e..b49c9b0b 100644 --- a/roles/Web应用扫描.yaml +++ b/roles/Web应用扫描.yaml @@ -2,24 +2,4 @@ name: Web应用扫描 description: Web应用漏洞扫描专家,全面的Web安全检测 user_prompt: 你是一个专业的Web应用漏洞扫描专家。请使用各种Web扫描工具对目标Web应用进行全面的安全检测,包括目录枚举、文件扫描、漏洞识别等工作。 icon: "\U0001F310" -tools: - - dirsearch - - dirb - - gobuster - - feroxbuster - - ffuf - - wfuzz - - sqlmap - - dalfox - - xsser - - nikto - - nuclei - - wpscan - - httpx - - http-framework-test - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/Web框架测试.yaml b/roles/Web框架测试.yaml index 944bc87a..bd15bec1 100644 --- a/roles/Web框架测试.yaml +++ b/roles/Web框架测试.yaml @@ -2,18 +2,4 @@ name: Web框架测试 description: Web框架安全测试专家,专注于Web应用框架漏洞检测 user_prompt: 你是一个专业的Web框架安全测试专家。请使用专业的工具对Web应用框架进行安全测试,识别框架相关的安全漏洞和配置问题。 icon: "\U0001F310" -tools: - - http-framework-test - - nikto - - nuclei - - wafw00f - - wpscan - - httpx - - burpsuite - - zap - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/二进制分析.yaml b/roles/二进制分析.yaml index 56f467d9..edf3bed5 100644 --- a/roles/二进制分析.yaml +++ b/roles/二进制分析.yaml @@ -2,30 +2,4 @@ name: 二进制分析 description: 二进制分析与利用专家,擅长逆向工程和密码破解 user_prompt: 你是一个专业的二进制分析与利用专家。请使用逆向工程工具分析二进制文件,识别漏洞,进行利用开发。同时擅长密码破解、哈希分析等技术。 icon: "\U0001F52C" -tools: - - dirsearch - - docker-bench-security - - exec - - execute-python-script - - install-python-package - - ghidra - - graphql-scanner - - hakrawler - - hash-identifier - - hashcat - - hashpump - - http-framework-test - - httpx - - gdb - - radare2 - - objdump - - strings - - binwalk - - ropper - - ropgadget - - john - - cyberchef - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/云安全审计.yaml b/roles/云安全审计.yaml index 8eef51c5..f36a7e3b 100644 --- a/roles/云安全审计.yaml +++ b/roles/云安全审计.yaml @@ -2,16 +2,4 @@ name: 云安全审计 description: 云安全审计专家,多云环境安全检测 user_prompt: 你是一个专业的云安全审计专家。请使用专业的云安全工具对AWS、Azure、GCP等云环境进行全面的安全审计,包括配置检查、合规性评估、权限审计、安全最佳实践验证等工作。 icon: ☁ -tools: - - prowler - - scout-suite - - cloudmapper - - pacu - - terrascan - - checkov - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/信息收集.yaml b/roles/信息收集.yaml index 98cc5fc9..05d24193 100644 --- a/roles/信息收集.yaml +++ b/roles/信息收集.yaml @@ -2,30 +2,4 @@ name: 信息收集 description: 资产发现与信息搜集专家 user_prompt: 你是一个专业的信息收集专家。请使用各种信息收集技术和工具,对目标进行全面的资产发现、子域名枚举、端口扫描、服务识别等信息收集工作。 icon: "\U0001F50D" -tools: - - amass - - subfinder - - dnsenum - - fierce - - fofa_search - - zoomeye_search - - nmap - - masscan - - rustscan - - arp-scan - - nbtscan - - httpx - - http-framework-test - - katana - - hakrawler - - waybackurls - - paramspider - - gau - - uro - - qsreplace - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/后渗透测试.yaml b/roles/后渗透测试.yaml index 80593885..e8efa0a5 100644 --- a/roles/后渗透测试.yaml +++ b/roles/后渗透测试.yaml @@ -2,22 +2,4 @@ name: 后渗透测试 description: 后渗透测试专家,权限维持与横向移动 user_prompt: 你是一个专业的后渗透测试专家。请使用专业的后渗透工具在获得初始访问权限后进行权限提升、横向移动、权限维持、数据收集等后渗透测试工作。 icon: "\U0001F575" -tools: - - linpeas - - winpeas - - mimikatz - - bloodhound - - impacket - - responder - - netexec - - rpcclient - - smbmap - - enum4linux - - enum4linux-ng - - exec - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/容器安全.yaml b/roles/容器安全.yaml index ce40edfe..ebf2e327 100644 --- a/roles/容器安全.yaml +++ b/roles/容器安全.yaml @@ -2,17 +2,4 @@ name: 容器安全 description: 容器与Kubernetes安全专家,容器环境安全检测 user_prompt: 你是一个专业的容器与Kubernetes安全专家。请使用专业的容器安全工具对Docker容器和Kubernetes集群进行全面的安全检测,包括镜像漏洞扫描、配置检查、运行时安全等工作。 icon: "\U0001F6E1" -tools: - - trivy - - clair - - docker-bench-security - - kube-bench - - kube-hunter - - falco - - exec - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/数字取证.yaml b/roles/数字取证.yaml index 7a1d7527..e716c4ea 100644 --- a/roles/数字取证.yaml +++ b/roles/数字取证.yaml @@ -2,23 +2,4 @@ name: 数字取证 description: 数字取证与隐写分析专家,文件与内存取证 user_prompt: 你是一个专业的数字取证与隐写分析专家。请使用专业的取证工具对文件、磁盘镜像、内存转储进行分析,提取证据信息。同时擅长隐写分析、数据恢复、元数据提取等技术。 icon: "\U0001F50E" -tools: - - volatility - - volatility3 - - foremost - - steghide - - stegsolve - - zsteg - - exiftool - - binwalk - - strings - - xxd - - fcrackzip - - pdfcrack - - exec - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/渗透测试.yaml b/roles/渗透测试.yaml index 9c420417..d7b976c5 100644 --- a/roles/渗透测试.yaml +++ b/roles/渗透测试.yaml @@ -2,32 +2,4 @@ name: 渗透测试 description: 专业渗透测试专家,全面深入的漏洞检测 user_prompt: 你是一个专业的网络安全渗透测试专家。请使用专业的渗透测试方法和工具,对目标进行全面的安全测试,包括但不限于SQL注入、XSS、CSRF、文件包含、命令执行等常见漏洞。 icon: "\U0001F3AF" -tools: - - http-framework-test - - httpx - - amass - - anew - - angr - - api-fuzzer - - api-schema-analyzer - - arjun - - arp-scan - - autorecon - - binwalk - - bloodhound - - burpsuite - - cat - - checkov - - checksec - - cloudmapper - - create-file - - cyberchef - - dalfox - - delete-file - - exec - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/roles/综合漏洞扫描.yaml b/roles/综合漏洞扫描.yaml index 08d4136f..25d91b10 100644 --- a/roles/综合漏洞扫描.yaml +++ b/roles/综合漏洞扫描.yaml @@ -2,22 +2,4 @@ name: 综合漏洞扫描 description: 综合漏洞扫描专家,多类型漏洞检测 user_prompt: 你是一个专业的综合漏洞扫描专家。请使用各种漏洞扫描工具对目标进行全面的安全检测,包括Web漏洞、网络服务漏洞、配置缺陷等多种类型的漏洞识别和分析。 icon: ⚠ -tools: - - nuclei - - nikto - - sqlmap - - nmap - - masscan - - rustscan - - wafw00f - - dalfox - - xsser - - jaeles - - httpx - - http-framework-test - - execute-python-script - - install-python-package - - record_vulnerability - - list_knowledge_risk_types - - search_knowledge_base enabled: true diff --git a/web/static/i18n/en-US.json b/web/static/i18n/en-US.json index 759f4d9f..23d6b21c 100644 --- a/web/static/i18n/en-US.json +++ b/web/static/i18n/en-US.json @@ -179,6 +179,12 @@ "unknownTool": "Unknown tool", "einoAgentReplyTitle": "Sub-agent reply", "einoRecoveryTitle": "🔄 Invalid tool JSON · run {{n}}/{{max}} (hint appended)", + "einoStreamErrorTitle": "⚠️ Eino stream interrupted ({{agent}})", + "einoStreamErrorMessage": "Streaming read failed; the system will retry or terminate according to policy.", + "iterationLimitReachedTitle": "⛔ Iteration limit reached", + "iterationLimitReachedMessage": "Maximum iteration count reached; automatic iteration has stopped.", + "einoPendingOrphanedTitle": "🧹 Tool call reconciliation", + "einoPendingOrphanedMessage": "Detected {{count}} unclosed tool call(s); marked as failed and finalized automatically.", "noDescription": "No description", "noResponseData": "No response data", "loading": "Loading...", diff --git a/web/static/i18n/zh-CN.json b/web/static/i18n/zh-CN.json index 788761ac..be506859 100644 --- a/web/static/i18n/zh-CN.json +++ b/web/static/i18n/zh-CN.json @@ -179,6 +179,12 @@ "unknownTool": "未知工具", "einoAgentReplyTitle": "子代理回复", "einoRecoveryTitle": "🔄 工具参数无效 · 第 {{n}}/{{max}} 轮(已追加提示)", + "einoStreamErrorTitle": "⚠️ Eino 流式中断({{agent}})", + "einoStreamErrorMessage": "流式读取异常,系统将按策略重试或结束。", + "iterationLimitReachedTitle": "⛔ 达到迭代上限", + "iterationLimitReachedMessage": "已达到最大迭代次数,任务已停止继续自动迭代。", + "einoPendingOrphanedTitle": "🧹 工具调用收尾补偿", + "einoPendingOrphanedMessage": "检测到 {{count}} 个未闭合工具调用,已自动标记为失败并收尾。", "noDescription": "暂无描述", "noResponseData": "暂无响应数据", "loading": "加载中...", diff --git a/web/static/js/monitor.js b/web/static/js/monitor.js index a94db21d..d791780b 100644 --- a/web/static/js/monitor.js +++ b/web/static/js/monitor.js @@ -1120,6 +1120,49 @@ function handleStreamEvent(event, progressElement, progressId, break; } + case 'eino_stream_error': { + const d = event.data || {}; + const agent = d.einoAgent ? String(d.einoAgent) : ''; + const title = typeof window.t === 'function' + ? window.t('chat.einoStreamErrorTitle', { agent: agent || '-' }) + : (agent ? ('⚠️ Eino 流式中断(' + agent + ')') : '⚠️ Eino 流式中断'); + addTimelineItem(timeline, 'warning', { + title: title, + message: event.message || (typeof window.t === 'function' + ? window.t('chat.einoStreamErrorMessage') + : '流式读取异常,系统将按策略重试或结束。'), + data: d + }); + break; + } + + case 'iteration_limit_reached': { + addTimelineItem(timeline, 'warning', { + title: typeof window.t === 'function' ? window.t('chat.iterationLimitReachedTitle') : '⛔ 达到迭代上限', + message: event.message || (typeof window.t === 'function' + ? window.t('chat.iterationLimitReachedMessage') + : '已达到最大迭代次数,任务已停止继续自动迭代。'), + data: event.data + }); + finalizeOutstandingToolCallsForProgress(progressId, 'failed'); + break; + } + + case 'eino_pending_orphaned': { + const d = event.data || {}; + const count = Number(d.pendingCount || 0); + const countText = Number.isFinite(count) && count > 0 ? String(count) : '?'; + addTimelineItem(timeline, 'warning', { + title: typeof window.t === 'function' ? window.t('chat.einoPendingOrphanedTitle') : '🧹 工具调用收尾补偿', + message: event.message || (typeof window.t === 'function' + ? window.t('chat.einoPendingOrphanedMessage', { count: countText }) + : ('检测到 ' + countText + ' 个未闭合工具调用,已自动标记为失败并收尾。')), + data: d + }); + finalizeOutstandingToolCallsForProgress(progressId, 'failed'); + break; + } + case 'tool_call': const toolInfo = event.data || {}; const toolName = toolInfo.toolName || (typeof window.t === 'function' ? window.t('chat.unknownTool') : '未知工具');