Update config.yaml

Add files via upload
Add FOFA API configuration to config.yaml
2026-05-17 21:44:43 +02:00 · 2026-02-20 16:53:21 +08:00 · 2026-02-20 16:40:59 +08:00 · 2026-02-20 16:18:53 +08:00 · 2026-02-20 16:16:48 +08:00 · 2026-02-11 10:31:40 +08:00
37 changed files with 4994 additions and 1708 deletions
@@ -14,6 +14,12 @@ CyberStrikeAI is an **AI-native security testing platform** built in Go. It inte
 <div align="center">
 ### System Dashboard Overview
 <img src="./images/dashboard.png" alt="System Dashboard" width="100%">
 *The dashboard provides a comprehensive overview of system runtime status, security vulnerabilities, tool usage, and knowledge base, helping users quickly understand the platform's core features and current state.*
 ### Core Features Overview
 <table>
@@ -516,6 +522,8 @@ CyberStrikeAI has joined [404Starlink](https://github.com/knownsec/404StarLink)
  </a>
 </div>
 ## Stargazers over time
 ![Stargazers over time](https://starchart.cc/Ed1s0nZ/CyberStrikeAI.svg)
 ---
@@ -13,6 +13,12 @@ CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集
 <div align="center">
 ### 系统仪表盘概览
 <img src="./images/dashboard.png" alt="系统仪表盘" width="100%">
 *仪表盘提供系统运行状态、安全漏洞、工具使用情况和知识库的全面概览，帮助用户快速了解平台核心功能和当前状态。*
 ### 核心功能概览
 <table>
@@ -513,6 +519,9 @@ CyberStrikeAI 现已加入 [404星链计划](https://github.com/knownsec/404Star
  </a>
 </div>
 ## Stargazers over time
 ![Stargazers over time](https://starchart.cc/Ed1s0nZ/CyberStrikeAI.svg)
 ---
 欢迎提交 Issue/PR 贡献新的工具模版或优化建议！
@@ -9,6 +9,9 @@
 # 系统设置
 # ============================================
 # 前端显示的版本号（可选，不填则显示默认版本）
 version: "v1.3.7"
 # 服务器配置
 server:
  host: 0.0.0.0 # 监听地址，0.0.0.0 表示监听所有网络接口
@@ -41,6 +44,16 @@ openai:
  model: deepseek-chat                   # 模型名称（必填）
  max_total_tokens: 120000              # LLM 相关上下文的最大 Token 数限制（内存压缩和攻击链构建会共用此配置）
 # ============================================
 # 信息收集（FOFA）配置（可选）
 # ============================================
 # 用于「信息收集」页面调用 FOFA API（后端代理，避免前端暴露 key）
 # 也可通过环境变量配置：FOFA_EMAIL / FOFA_API_KEY（优先级更高）
 fofa:
  base_url: "https://fofa.info/api/v1/search/all" # 可选，留空则使用默认
  email: ""   # FOFA 账号邮箱（可选，建议在系统设置中填写）
  api_key: "" # FOFA API Key（可选，建议在系统设置中填写）
 # Agent 配置
 # 达到最大迭代次数时，AI 会自动总结测试结果
 agent:
@@ -67,6 +80,10 @@ database:
 # 推荐方式：在 tools/ 目录下为每个工具创建独立的配置文件
 security:
  tools_dir: tools # 工具配置文件目录（相对于配置文件所在目录）
  # 工具描述模式：加载 tools 下工具时，暴露给 AI/API 使用的描述来源
  #   short - 优先使用 short_description（简短描述，省 token），为空时用 description
  #   full  - 使用 description（详细描述）
  tool_description_mode: full
 # ============================================
 # MCP 相关配置
@@ -1,11 +1,14 @@
 module cyberstrike-ai
-go 1.21
+go 1.23.0
 toolchain go1.24.4
 require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/google/uuid v1.5.0
 	github.com/mattn/go-sqlite3 v1.14.18
 	github.com/modelcontextprotocol/go-sdk v1.2.0
 	github.com/pkoukk/tiktoken-go v0.1.8
 	go.uber.org/zap v1.26.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -21,6 +24,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/google/jsonschema-go v0.3.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
@@ -30,10 +34,12 @@ require (
 	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/crypto v0.14.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/oauth2 v0.30.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
@@ -25,10 +25,15 @@ github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg
 github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/jsonschema-go v0.3.0 h1:6AH2TxVNtk3IlvkkhjrtbUc4S8AvO0Xii0DxIygDg+Q=
 github.com/google/jsonschema-go v0.3.0/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
 github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
 github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -42,6 +47,8 @@ github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APP
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-sqlite3 v1.14.18 h1:JL0eqdCOq6DJVNPSvArO/bIV9/P7fbGrV00LZHc+5aI=
 github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/modelcontextprotocol/go-sdk v1.2.0 h1:Y23co09300CEk8iZ/tMxIX1dVmKZkzoSBZOpJwUnc/s=
 github.com/modelcontextprotocol/go-sdk v1.2.0/go.mod h1:6fM3LCm3yV7pAs8isnKLn07oKtB0MP9LHd3DfAcKw10=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -68,6 +75,8 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
 github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
 go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
 go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -81,13 +90,16 @@ golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
@@ -529,8 +529,10 @@ func (a *Agent) AgentLoopWithProgress(ctx context.Context, userInput string, his
 	maxIterations := a.maxIterations
 	for i := 0; i < maxIterations; i++ {
-		// 每轮调用前先尝试压缩，防止历史消息持续膨胀
+		// 先获取本轮可用工具并统计 tools token，再压缩，以便压缩时预留 tools 占用的空间
-		messages = a.applyMemoryCompression(ctx, messages)
+		tools := a.getAvailableTools(roleTools)
 		toolsTokens := a.countToolsTokens(tools)
 		messages = a.applyMemoryCompression(ctx, messages, toolsTokens)
 		// 检查是否是最后一次迭代
 		isLastIteration := (i == maxIterations-1)
@@ -562,17 +564,17 @@ func (a *Agent) AgentLoopWithProgress(ctx context.Context, userInput string, his
 		default:
 		}
-		// 获取可用工具
+		// 记录当前上下文的 Token 用量（messages + tools），展示压缩器运行状态
 		tools := a.getAvailableTools(roleTools)
 		// 记录当前上下文的Token用量，展示压缩器运行状态
 		if a.memoryCompressor != nil {
-			totalTokens, systemCount, regularCount := a.memoryCompressor.totalTokensFor(messages)
+			messagesTokens, systemCount, regularCount := a.memoryCompressor.totalTokensFor(messages)
 			totalTokens := messagesTokens + toolsTokens
 			a.logger.Info("memory compressor context stats",
 				zap.Int("iteration", i+1),
 				zap.Int("messagesCount", len(messages)),
 				zap.Int("systemMessages", systemCount),
 				zap.Int("regularMessages", regularCount),
 				zap.Int("messagesTokens", messagesTokens),
 				zap.Int("toolsTokens", toolsTokens),
 				zap.Int("totalTokens", totalTokens),
 				zap.Int("maxTotalTokens", a.memoryCompressor.maxTotalTokens),
 			)
@@ -788,7 +790,7 @@ func (a *Agent) AgentLoopWithProgress(ctx context.Context, userInput string, his
 					Role:    "user",
 					Content: "这是最后一次迭代。请总结到目前为止的所有测试结果、发现的问题和已完成的工作。如果需要继续测试，请提供详细的下一步执行计划。请直接回复，不要调用工具。",
 				})
-				messages = a.applyMemoryCompression(ctx, messages)
+				messages = a.applyMemoryCompression(ctx, messages, 0) // 总结时不带 tools，不预留
 				// 立即调用OpenAI获取总结
 				summaryResponse, err := a.callOpenAI(ctx, messages, []Tool{}) // 不提供工具，强制AI直接回复
 				if err == nil && summaryResponse != nil && len(summaryResponse.Choices) > 0 {
@@ -828,7 +830,7 @@ func (a *Agent) AgentLoopWithProgress(ctx context.Context, userInput string, his
 				Role:    "user",
 				Content: "这是最后一次迭代。请总结到目前为止的所有测试结果、发现的问题和已完成的工作。如果需要继续测试，请提供详细的下一步执行计划。请直接回复，不要调用工具。",
 			})
-			messages = a.applyMemoryCompression(ctx, messages)
+			messages = a.applyMemoryCompression(ctx, messages, 0) // 总结时不带 tools，不预留
 			// 立即调用OpenAI获取总结
 			summaryResponse, err := a.callOpenAI(ctx, messages, []Tool{}) // 不提供工具，强制AI直接回复
 			if err == nil && summaryResponse != nil && len(summaryResponse.Choices) > 0 {
@@ -867,7 +869,7 @@ func (a *Agent) AgentLoopWithProgress(ctx context.Context, userInput string, his
 		Content: fmt.Sprintf("已达到最大迭代次数（%d轮）。请总结到目前为止的所有测试结果、发现的问题和已完成的工作。如果需要继续测试，请提供详细的下一步执行计划。请直接回复，不要调用工具。", a.maxIterations),
 	}
 	messages = append(messages, finalSummaryPrompt)
-	messages = a.applyMemoryCompression(ctx, messages)
+	messages = a.applyMemoryCompression(ctx, messages, 0) // 总结时不带 tools，不预留
 	summaryResponse, err := a.callOpenAI(ctx, messages, []Tool{}) // 不提供工具，强制AI直接回复
 	if err == nil && summaryResponse != nil && len(summaryResponse.Choices) > 0 {
@@ -1425,13 +1427,13 @@ func (a *Agent) formatToolError(toolName string, args map[string]interface{}, er
 	return errorMsg
 }
-// applyMemoryCompression 在调用LLM前对消息进行压缩，避免超过token限制
+// applyMemoryCompression 在调用LLM前对消息进行压缩，避免超过 token 限制。reservedTokens 为预留给 tools 的 token 数，传 0 表示不预留。
-func (a *Agent) applyMemoryCompression(ctx context.Context, messages []ChatMessage) []ChatMessage {
+func (a *Agent) applyMemoryCompression(ctx context.Context, messages []ChatMessage, reservedTokens int) []ChatMessage {
 	if a.memoryCompressor == nil {
 		return messages
 	}
-	compressed, changed, err := a.memoryCompressor.CompressHistory(ctx, messages)
+	compressed, changed, err := a.memoryCompressor.CompressHistory(ctx, messages, reservedTokens)
 	if err != nil {
 		a.logger.Warn("上下文压缩失败，将使用原始消息继续", zap.Error(err))
 		return messages
@@ -1447,6 +1449,18 @@ func (a *Agent) applyMemoryCompression(ctx context.Context, messages []ChatMessa
 	return messages
 }
 // countToolsTokens 统计 tools 序列化后的 token 数，用于日志与压缩时预留空间。mc 为 nil 时返回 0。
 func (a *Agent) countToolsTokens(tools []Tool) int {
 	if len(tools) == 0 || a.memoryCompressor == nil {
 		return 0
 	}
 	data, err := json.Marshal(tools)
 	if err != nil {
 		return 0
 	}
 	return a.memoryCompressor.CountTextTokens(string(data))
 }
 // handleMissingToolError 当LLM调用不存在的工具时，向其追加提示消息并允许继续迭代
 func (a *Agent) handleMissingToolError(errMsg string, messages *[]ChatMessage) (bool, string) {
 	lowerMsg := strings.ToLower(errMsg)
@@ -158,8 +158,8 @@ func (mc *MemoryCompressor) UpdateConfig(cfg *config.OpenAIConfig) {
 	}
 }
-// CompressHistory 根据Token限制压缩历史消息。
+// CompressHistory 根据 Token 限制压缩历史消息。reservedTokens 为预留给 tools 等非消息内容的 token 数，压缩时使用 (maxTotalTokens - reservedTokens) 作为消息上限。
-func (mc *MemoryCompressor) CompressHistory(ctx context.Context, messages []ChatMessage) ([]ChatMessage, bool, error) {
+func (mc *MemoryCompressor) CompressHistory(ctx context.Context, messages []ChatMessage, reservedTokens int) ([]ChatMessage, bool, error) {
 	if len(messages) == 0 {
 		return messages, false, nil
 	}
@@ -171,8 +171,13 @@ func (mc *MemoryCompressor) CompressHistory(ctx context.Context, messages []Chat
 		return messages, false, nil
 	}
 	effectiveMax := mc.maxTotalTokens
 	if reservedTokens > 0 && reservedTokens < mc.maxTotalTokens {
 		effectiveMax = mc.maxTotalTokens - reservedTokens
 	}
 	totalTokens := mc.countTotalTokens(systemMsgs, regularMsgs)
-	if totalTokens <= int(float64(mc.maxTotalTokens)*0.9) {
+	if totalTokens <= int(float64(effectiveMax)*0.9) {
 		return messages, false, nil
 	}
@@ -184,6 +189,8 @@ func (mc *MemoryCompressor) CompressHistory(ctx context.Context, messages []Chat
 	mc.logger.Info("memory compression triggered",
 		zap.Int("total_tokens", totalTokens),
 		zap.Int("max_total_tokens", mc.maxTotalTokens),
 		zap.Int("reserved_tokens", reservedTokens),
 		zap.Int("effective_max", effectiveMax),
 		zap.Int("system_messages", len(systemMsgs)),
 		zap.Int("regular_messages", len(regularMsgs)),
 		zap.Int("old_messages", len(oldMsgs)),
@@ -282,6 +289,11 @@ func (mc *MemoryCompressor) countTokens(text string) int {
 	return count
 }
 // CountTextTokens 对外暴露的文本 Token 计数，用于统计 tools 等非消息内容的 token（如 agent 侧序列化 tools 后计数）。
 func (mc *MemoryCompressor) CountTextTokens(text string) int {
 	return mc.countTokens(text)
 }
 // totalTokensFor provides token statistics without mutating the message list.
 func (mc *MemoryCompressor) totalTokensFor(messages []ChatMessage) (totalTokens int, systemCount int, regularCount int) {
 	if len(messages) == 0 {
@@ -318,6 +318,7 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
 	roleHandler := handler.NewRoleHandler(cfg, configPath, log.Logger)
 	roleHandler.SetSkillsManager(skillsManager) // 设置Skills管理器到RoleHandler
 	skillsHandler := handler.NewSkillsHandler(skillsManager, cfg, configPath, log.Logger)
 	fofaHandler := handler.NewFofaHandler(cfg, log.Logger)
 	if db != nil {
 		skillsHandler.SetDB(db) // 设置数据库连接以便获取调用统计
 	}
@@ -415,6 +416,7 @@ func New(cfg *config.Config, log *logger.Logger) (*App, error) {
 		vulnerabilityHandler,
 		roleHandler,
 		skillsHandler,
 		fofaHandler,
 		mcpServer,
 		authManager,
 		openAPIHandler,
@@ -478,6 +480,7 @@ func setupRoutes(
 	vulnerabilityHandler *handler.VulnerabilityHandler,
 	roleHandler *handler.RoleHandler,
 	skillsHandler *handler.SkillsHandler,
 	fofaHandler *handler.FofaHandler,
 	mcpServer *mcp.Server,
 	authManager *security.AuthManager,
 	openAPIHandler *handler.OpenAPIHandler,
@@ -506,6 +509,9 @@ func setupRoutes(
 		protected.GET("/agent-loop/tasks", agentHandler.ListAgentTasks)
 		protected.GET("/agent-loop/tasks/completed", agentHandler.ListCompletedTasks)
 		// 信息收集 - FOFA 查询（后端代理）
 		protected.POST("/fofa/search", fofaHandler.Search)
 		// 批量任务管理
 		protected.POST("/batch-tasks", agentHandler.CreateBatchQueue)
 		protected.GET("/batch-tasks", agentHandler.ListBatchQueues)
@@ -694,6 +700,18 @@ func setupRoutes(
 				}
 				app.knowledgeHandler.Search(c)
 			})
 			knowledgeRoutes.GET("/stats", func(c *gin.Context) {
 				if app.knowledgeHandler == nil {
 					c.JSON(http.StatusOK, gin.H{
 						"enabled":          false,
 						"total_categories": 0,
 						"total_items":      0,
 						"message":          "知识库功能未启用，请前往系统设置启用知识检索功能",
 					})
 					return
 				}
 				app.knowledgeHandler.GetStats(c)
 			})
 		}
 		// 漏洞管理
@@ -746,7 +764,11 @@ func setupRoutes(
 	// 前端页面
 	router.GET("/", func(c *gin.Context) {
-		c.HTML(http.StatusOK, "index.html", nil)
+		version := app.config.Version
 		if version == "" {
 			version = "v1.0.0"
 		}
 		c.HTML(http.StatusOK, "index.html", gin.H{"Version": version})
 	})
 }
@@ -13,19 +13,21 @@ import (
 )
 type Config struct {
-	Server      ServerConfig      `yaml:"server"`
+	Version     string                `yaml:"version,omitempty" json:"version,omitempty"` // 前端显示的版本号，如 v1.3.3
-	Log         LogConfig         `yaml:"log"`
+	Server      ServerConfig          `yaml:"server"`
-	MCP         MCPConfig         `yaml:"mcp"`
+	Log         LogConfig             `yaml:"log"`
-	OpenAI      OpenAIConfig      `yaml:"openai"`
+	MCP         MCPConfig             `yaml:"mcp"`
-	Agent       AgentConfig       `yaml:"agent"`
+	OpenAI      OpenAIConfig          `yaml:"openai"`
-	Security    SecurityConfig    `yaml:"security"`
+	FOFA        FofaConfig            `yaml:"fofa,omitempty" json:"fofa,omitempty"`
-	Database    DatabaseConfig    `yaml:"database"`
+	Agent       AgentConfig           `yaml:"agent"`
-	Auth        AuthConfig        `yaml:"auth"`
+	Security    SecurityConfig        `yaml:"security"`
-	ExternalMCP ExternalMCPConfig `yaml:"external_mcp,omitempty"`
+	Database    DatabaseConfig        `yaml:"database"`
-	Knowledge   KnowledgeConfig   `yaml:"knowledge,omitempty"`
+	Auth        AuthConfig            `yaml:"auth"`
-	RolesDir    string            `yaml:"roles_dir,omitempty" json:"roles_dir,omitempty"` // 角色配置文件目录（新方式）
+	ExternalMCP ExternalMCPConfig     `yaml:"external_mcp,omitempty"`
-	Roles       map[string]RoleConfig `yaml:"roles,omitempty" json:"roles,omitempty"`     // 向后兼容：支持在主配置文件中定义角色
+	Knowledge   KnowledgeConfig       `yaml:"knowledge,omitempty"`
-	SkillsDir   string            `yaml:"skills_dir,omitempty" json:"skills_dir,omitempty"` // Skills配置文件目录
+	RolesDir    string                `yaml:"roles_dir,omitempty" json:"roles_dir,omitempty"`   // 角色配置文件目录（新方式）
 	Roles       map[string]RoleConfig `yaml:"roles,omitempty" json:"roles,omitempty"`           // 向后兼容：支持在主配置文件中定义角色
 	SkillsDir   string                `yaml:"skills_dir,omitempty" json:"skills_dir,omitempty"` // Skills配置文件目录
 }
 type ServerConfig struct {
@@ -51,9 +53,17 @@ type OpenAIConfig struct {
 	MaxTotalTokens int    `yaml:"max_total_tokens,omitempty" json:"max_total_tokens,omitempty"`
 }
 type FofaConfig struct {
 	// Email 为 FOFA 账号邮箱；APIKey 为 FOFA API Key（建议使用只读权限的 Key）
 	Email   string `yaml:"email,omitempty" json:"email,omitempty"`
 	APIKey  string `yaml:"api_key,omitempty" json:"api_key,omitempty"`
 	BaseURL string `yaml:"base_url,omitempty" json:"base_url,omitempty"` // 默认 https://fofa.info/api/v1/search/all
 }
 type SecurityConfig struct {
-	Tools    []ToolConfig `yaml:"tools,omitempty"`     // 向后兼容：支持在主配置文件中定义工具
+	Tools               []ToolConfig `yaml:"tools,omitempty"`                 // 向后兼容：支持在主配置文件中定义工具
-	ToolsDir string       `yaml:"tools_dir,omitempty"` // 工具配置文件目录（新方式）
+	ToolsDir            string       `yaml:"tools_dir,omitempty"`             // 工具配置文件目录（新方式）
 	ToolDescriptionMode string       `yaml:"tool_description_mode,omitempty"` // 工具描述模式: "short" | "full"，默认 short
 }
 type DatabaseConfig struct {
@@ -83,13 +93,14 @@ type ExternalMCPConfig struct {
 // ExternalMCPServerConfig 外部MCP服务器配置
 type ExternalMCPServerConfig struct {
 	// stdio模式配置
-	Command string   `yaml:"command,omitempty" json:"command,omitempty"`
+	Command string            `yaml:"command,omitempty" json:"command,omitempty"`
-	Args    []string `yaml:"args,omitempty" json:"args,omitempty"`
+	Args    []string          `yaml:"args,omitempty" json:"args,omitempty"`
 	Env     map[string]string `yaml:"env,omitempty" json:"env,omitempty"` // 环境变量（用于stdio模式）
 	// HTTP模式配置
-	Transport string `yaml:"transport,omitempty" json:"transport,omitempty"` // "http" 或 "stdio"
+	Transport string            `yaml:"transport,omitempty" json:"transport,omitempty"` // "stdio" | "sse" | "http"(Streamable) | "simple_http"(自建/简单POST端点，如本机 http://127.0.0.1:8081/mcp)
-	URL       string `yaml:"url,omitempty" json:"url,omitempty"`
+	URL       string            `yaml:"url,omitempty" json:"url,omitempty"`
 	Headers   map[string]string `yaml:"headers,omitempty" json:"headers,omitempty"` // HTTP/SSE 请求头（如 x-api-key）
 	// 通用配置
 	Description       string          `yaml:"description,omitempty" json:"description,omitempty"`
@@ -108,8 +119,8 @@ type ToolConfig struct {
 	ShortDescription string            `yaml:"short_description,omitempty"` // 简短描述（用于工具列表，减少token消耗）
 	Description      string            `yaml:"description"`                 // 详细描述（用于工具文档）
 	Enabled          bool              `yaml:"enabled"`
-	Parameters       []ParameterConfig `yaml:"parameters,omitempty"`  // 参数定义（可选）
+	Parameters       []ParameterConfig `yaml:"parameters,omitempty"`         // 参数定义（可选）
-	ArgMapping       string            `yaml:"arg_mapping,omitempty"` // 参数映射方式: "auto", "manual", "template"（可选）
+	ArgMapping       string            `yaml:"arg_mapping,omitempty"`        // 参数映射方式: "auto", "manual", "template"（可选）
 	AllowedExitCodes []int             `yaml:"allowed_exit_codes,omitempty"` // 允许的退出码列表（某些工具在成功时也返回非零退出码）
 }
@@ -467,7 +478,7 @@ func LoadRoleFromFile(path string) (*RoleConfig, error) {
 		icon := role.Icon
 		// 去除可能的引号
 		icon = strings.Trim(icon, `"`)
-		
+
 		// 检查是否是 Unicode 转义格式 \U0001F3C6（8位十六进制）或 \uXXXX（4位十六进制）
 		if len(icon) >= 3 && icon[0] == '\\' {
 			if icon[1] == 'U' && len(icon) >= 10 {
@@ -576,12 +587,12 @@ type RolesConfig struct {
 // RoleConfig 单个角色配置
 type RoleConfig struct {
-	Name        string   `yaml:"name" json:"name"`               // 角色名称
+	Name        string   `yaml:"name" json:"name"`                         // 角色名称
-	Description string   `yaml:"description" json:"description"` // 角色描述
+	Description string   `yaml:"description" json:"description"`           // 角色描述
-	UserPrompt  string   `yaml:"user_prompt" json:"user_prompt"` // 用户提示词(追加到用户消息前)
+	UserPrompt  string   `yaml:"user_prompt" json:"user_prompt"`           // 用户提示词(追加到用户消息前)
-	Icon        string   `yaml:"icon,omitempty" json:"icon,omitempty"` // 角色图标（可选）
+	Icon        string   `yaml:"icon,omitempty" json:"icon,omitempty"`     // 角色图标（可选）
-	Tools       []string `yaml:"tools,omitempty" json:"tools,omitempty"` // 关联的工具列表（toolKey格式，如 "toolName" 或 "mcpName::toolName"）
+	Tools       []string `yaml:"tools,omitempty" json:"tools,omitempty"`   // 关联的工具列表（toolKey格式，如 "toolName" 或 "mcpName::toolName"）
-	MCPs        []string `yaml:"mcps,omitempty" json:"mcps,omitempty"` // 向后兼容：关联的MCP服务器列表（已废弃，使用tools替代）
+	MCPs        []string `yaml:"mcps,omitempty" json:"mcps,omitempty"`     // 向后兼容：关联的MCP服务器列表（已废弃，使用tools替代）
 	Skills      []string `yaml:"skills,omitempty" json:"skills,omitempty"` // 关联的skills列表（skill名称列表，在执行任务前会读取这些skills的内容）
-	Enabled     bool     `yaml:"enabled" json:"enabled"`         // 是否启用
+	Enabled     bool     `yaml:"enabled" json:"enabled"`                   // 是否启用
 }
@@ -145,6 +145,7 @@ func (h *ConfigHandler) SetAppUpdater(updater AppUpdater) {
 // GetConfigResponse 获取配置响应
 type GetConfigResponse struct {
 	OpenAI    config.OpenAIConfig    `json:"openai"`
 	FOFA      config.FofaConfig      `json:"fofa"`
 	MCP       config.MCPConfig       `json:"mcp"`
 	Tools     []ToolConfigInfo       `json:"tools"`
 	Agent     config.AgentConfig     `json:"agent"`
@@ -174,18 +175,10 @@ func (h *ConfigHandler) GetConfig(c *gin.Context) {
 		configToolMap[tool.Name] = true
 		tools = append(tools, ToolConfigInfo{
 			Name:        tool.Name,
-			Description: tool.ShortDescription,
+			Description: h.pickToolDescription(tool.ShortDescription, tool.Description),
 			Enabled:     tool.Enabled,
 			IsExternal:  false,
 		})
 		// 如果没有简短描述，使用详细描述的前100个字符
 		if tools[len(tools)-1].Description == "" {
 			desc := tool.Description
 			if len(desc) > 100 {
 				desc = desc[:100] + "..."
 			}
 			tools[len(tools)-1].Description = desc
 		}
 	}
 	// 从MCP服务器获取所有已注册的工具（包括直接注册的工具，如知识检索工具）
@@ -201,8 +194,8 @@ func (h *ConfigHandler) GetConfig(c *gin.Context) {
 			if description == "" {
 				description = mcpTool.Description
 			}
-			if len(description) > 100 {
+			if len(description) > 10000 {
-				description = description[:100] + "..."
+				description = description[:10000] + "..."
 			}
 			tools = append(tools, ToolConfigInfo{
 				Name:        mcpTool.Name,
@@ -215,66 +208,16 @@ func (h *ConfigHandler) GetConfig(c *gin.Context) {
 	// 获取外部MCP工具
 	if h.externalMCPMgr != nil {
-		// 增加超时时间到30秒，因为通过代理连接远程服务器可能需要更长时间
+		ctx := context.Background()
-		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		externalTools := h.getExternalMCPTools(ctx)
-		defer cancel()
+		for _, toolInfo := range externalTools {
-
+			tools = append(tools, toolInfo)
 		externalTools, err := h.externalMCPMgr.GetAllTools(ctx)
 		if err == nil {
 			externalMCPConfigs := h.externalMCPMgr.GetConfigs()
 			for _, externalTool := range externalTools {
 				var mcpName, actualToolName string
 				if idx := strings.Index(externalTool.Name, "::"); idx > 0 {
 					mcpName = externalTool.Name[:idx]
 					actualToolName = externalTool.Name[idx+2:]
 				} else {
 					continue
 				}
 				enabled := false
 				if cfg, exists := externalMCPConfigs[mcpName]; exists {
 					// 首先检查外部MCP是否启用
 					if !cfg.ExternalMCPEnable && !(cfg.Enabled && !cfg.Disabled) {
 						enabled = false // MCP未启用，所有工具都禁用
 					} else {
 						// MCP已启用，检查单个工具的启用状态
 						// 如果ToolEnabled为空或未设置该工具，默认为启用（向后兼容）
 						if cfg.ToolEnabled == nil {
 							enabled = true // 未设置工具状态，默认为启用
 						} else if toolEnabled, exists := cfg.ToolEnabled[actualToolName]; exists {
 							enabled = toolEnabled // 使用配置的工具状态
 						} else {
 							enabled = true // 工具未在配置中，默认为启用
 						}
 					}
 				}
 				client, exists := h.externalMCPMgr.GetClient(mcpName)
 				if !exists || !client.IsConnected() {
 					enabled = false
 				}
 				description := externalTool.ShortDescription
 				if description == "" {
 					description = externalTool.Description
 				}
 				if len(description) > 100 {
 					description = description[:100] + "..."
 				}
 				tools = append(tools, ToolConfigInfo{
 					Name:        actualToolName,
 					Description: description,
 					Enabled:     enabled,
 					IsExternal:  true,
 					ExternalMCP: mcpName,
 				})
 			}
 		}
 	}
 	c.JSON(http.StatusOK, GetConfigResponse{
 		OpenAI:    h.config.OpenAI,
 		FOFA:      h.config.FOFA,
 		MCP:       h.config.MCP,
 		Tools:     tools,
 		Agent:     h.config.Agent,
@@ -342,18 +285,10 @@ func (h *ConfigHandler) GetTools(c *gin.Context) {
 		configToolMap[tool.Name] = true
 		toolInfo := ToolConfigInfo{
 			Name:        tool.Name,
-			Description: tool.ShortDescription,
+			Description: h.pickToolDescription(tool.ShortDescription, tool.Description),
 			Enabled:     tool.Enabled,
 			IsExternal:  false,
 		}
 		// 如果没有简短描述，使用详细描述的前100个字符
 		if toolInfo.Description == "" {
 			desc := tool.Description
 			if len(desc) > 100 {
 				desc = desc[:100] + "..."
 			}
 			toolInfo.Description = desc
 		}
 		// 根据角色配置标注工具状态
 		if roleName != "" {
@@ -405,8 +340,8 @@ func (h *ConfigHandler) GetTools(c *gin.Context) {
 			if description == "" {
 				description = mcpTool.Description
 			}
-			if len(description) > 100 {
+			if len(description) > 10000 {
-				description = description[:100] + "..."
+				description = description[:10000] + "..."
 			}
 			toolInfo := ToolConfigInfo{
@@ -451,99 +386,43 @@ func (h *ConfigHandler) GetTools(c *gin.Context) {
 	// 获取外部MCP工具
 	if h.externalMCPMgr != nil {
-		// 增加超时时间到30秒，因为通过代理连接远程服务器可能需要更长时间
+		// 创建context用于获取外部工具
-		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		ctx := context.Background()
-		defer cancel()
+		externalTools := h.getExternalMCPTools(ctx)
-		externalTools, err := h.externalMCPMgr.GetAllTools(ctx)
+		// 应用搜索过滤和角色配置
-		if err != nil {
+		for _, toolInfo := range externalTools {
-			h.logger.Warn("获取外部MCP工具失败", zap.Error(err))
+			// 搜索过滤
-		} else {
+			if searchTermLower != "" {
-			// 获取外部MCP配置，用于判断启用状态
+				nameLower := strings.ToLower(toolInfo.Name)
-			externalMCPConfigs := h.externalMCPMgr.GetConfigs()
+				descLower := strings.ToLower(toolInfo.Description)
-
+				if !strings.Contains(nameLower, searchTermLower) && !strings.Contains(descLower, searchTermLower) {
-			for _, externalTool := range externalTools {
+					continue // 不匹配，跳过
 				// 解析工具名称：mcpName::toolName
 				var mcpName, actualToolName string
 				if idx := strings.Index(externalTool.Name, "::"); idx > 0 {
 					mcpName = externalTool.Name[:idx]
 					actualToolName = externalTool.Name[idx+2:]
 				} else {
 					continue // 跳过格式不正确的工具
 				}
 				// 获取外部工具的启用状态
 				enabled := false
 				if cfg, exists := externalMCPConfigs[mcpName]; exists {
 					// 首先检查外部MCP是否启用
 					if !cfg.ExternalMCPEnable && !(cfg.Enabled && !cfg.Disabled) {
 						enabled = false // MCP未启用，所有工具都禁用
 					} else {
 						// MCP已启用，检查单个工具的启用状态
 						// 如果ToolEnabled为空或未设置该工具，默认为启用（向后兼容）
 						if cfg.ToolEnabled == nil {
 							enabled = true // 未设置工具状态，默认为启用
 						} else if toolEnabled, exists := cfg.ToolEnabled[actualToolName]; exists {
 							enabled = toolEnabled // 使用配置的工具状态
 						} else {
 							enabled = true // 工具未在配置中，默认为启用
 						}
 					}
 				}
 				// 检查外部MCP是否已连接
 				client, exists := h.externalMCPMgr.GetClient(mcpName)
 				if !exists || !client.IsConnected() {
 					enabled = false // 未连接时视为禁用
 				}
 				description := externalTool.ShortDescription
 				if description == "" {
 					description = externalTool.Description
 				}
 				if len(description) > 100 {
 					description = description[:100] + "..."
 				}
 				// 如果有关键词，进行搜索过滤
 				if searchTermLower != "" {
 					nameLower := strings.ToLower(actualToolName)
 					descLower := strings.ToLower(description)
 					if !strings.Contains(nameLower, searchTermLower) && !strings.Contains(descLower, searchTermLower) {
 						continue // 不匹配，跳过
 					}
 				}
 				toolInfo := ToolConfigInfo{
 					Name:        actualToolName, // 显示实际工具名称，不带前缀
 					Description: description,
 					Enabled:     enabled,
 					IsExternal:  true,
 					ExternalMCP: mcpName,
 				}
 				// 根据角色配置标注工具状态
 				if roleName != "" {
 					if roleUsesAllTools {
 						// 角色使用所有工具，标注启用的工具为role_enabled=true
 						toolInfo.RoleEnabled = &enabled
 					} else {
 						// 角色配置了工具列表，检查工具是否在列表中
 						// 外部工具使用 "mcpName::toolName" 格式作为key
 						externalToolKey := externalTool.Name // 这是 "mcpName::toolName" 格式
 						if roleToolsSet[externalToolKey] {
 							roleEnabled := enabled // 工具必须在角色列表中且本身启用
 							toolInfo.RoleEnabled = &roleEnabled
 						} else {
 							// 不在角色列表中，标记为false
 							roleEnabled := false
 							toolInfo.RoleEnabled = &roleEnabled
 						}
 					}
 				}
 				allTools = append(allTools, toolInfo)
 			}
 			// 根据角色配置标注工具状态
 			if roleName != "" {
 				if roleUsesAllTools {
 					// 角色使用所有工具，标注启用的工具为role_enabled=true
 					roleEnabled := toolInfo.Enabled
 					toolInfo.RoleEnabled = &roleEnabled
 				} else {
 					// 角色配置了工具列表，检查工具是否在列表中
 					// 外部工具使用 "mcpName::toolName" 格式作为key
 					externalToolKey := fmt.Sprintf("%s::%s", toolInfo.ExternalMCP, toolInfo.Name)
 					if roleToolsSet[externalToolKey] {
 						roleEnabled := toolInfo.Enabled // 工具必须在角色列表中且本身启用
 						toolInfo.RoleEnabled = &roleEnabled
 					} else {
 						// 不在角色列表中，标记为false
 						roleEnabled := false
 						toolInfo.RoleEnabled = &roleEnabled
 					}
 				}
 			}
 			allTools = append(allTools, toolInfo)
 		}
 	}
@@ -595,6 +474,7 @@ func (h *ConfigHandler) GetTools(c *gin.Context) {
 // UpdateConfigRequest 更新配置请求
 type UpdateConfigRequest struct {
 	OpenAI    *config.OpenAIConfig    `json:"openai,omitempty"`
 	FOFA      *config.FofaConfig      `json:"fofa,omitempty"`
 	MCP       *config.MCPConfig       `json:"mcp,omitempty"`
 	Tools     []ToolEnableStatus      `json:"tools,omitempty"`
 	Agent     *config.AgentConfig     `json:"agent,omitempty"`
@@ -629,6 +509,12 @@ func (h *ConfigHandler) UpdateConfig(c *gin.Context) {
 		)
 	}
 	// 更新FOFA配置
 	if req.FOFA != nil {
 		h.config.FOFA = *req.FOFA
 		h.logger.Info("更新FOFA配置", zap.String("email", h.config.FOFA.Email))
 	}
 	// 更新MCP配置
 	if req.MCP != nil {
 		h.config.MCP = *req.MCP
@@ -1259,3 +1145,114 @@ func setFloatInMap(mapNode *yaml.Node, key string, value float64) {
 		valueNode.Value = fmt.Sprintf("%g", value)
 	}
 }
 // getExternalMCPTools 获取外部MCP工具列表（公共方法）
 // 返回 ToolConfigInfo 列表，已处理启用状态和描述信息
 func (h *ConfigHandler) getExternalMCPTools(ctx context.Context) []ToolConfigInfo {
 	var result []ToolConfigInfo
 	if h.externalMCPMgr == nil {
 		return result
 	}
 	// 使用较短的超时时间（5秒）进行快速失败，避免阻塞页面加载
 	timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
 	defer cancel()
 	externalTools, err := h.externalMCPMgr.GetAllTools(timeoutCtx)
 	if err != nil {
 		// 记录警告但不阻塞，继续返回已缓存的工具（如果有）
 		h.logger.Warn("获取外部MCP工具失败（可能连接断开），尝试返回缓存的工具",
 			zap.Error(err),
 			zap.String("hint", "如果外部MCP工具未显示，请检查连接状态或点击刷新按钮"),
 		)
 	}
 	// 如果获取到了工具（即使有错误），继续处理
 	if len(externalTools) == 0 {
 		return result
 	}
 	externalMCPConfigs := h.externalMCPMgr.GetConfigs()
 	for _, externalTool := range externalTools {
 		// 解析工具名称：mcpName::toolName
 		mcpName, actualToolName := h.parseExternalToolName(externalTool.Name)
 		if mcpName == "" || actualToolName == "" {
 			continue // 跳过格式不正确的工具
 		}
 		// 计算启用状态
 		enabled := h.calculateExternalToolEnabled(mcpName, actualToolName, externalMCPConfigs)
 		// 处理描述信息
 		description := h.pickToolDescription(externalTool.ShortDescription, externalTool.Description)
 		result = append(result, ToolConfigInfo{
 			Name:        actualToolName,
 			Description: description,
 			Enabled:     enabled,
 			IsExternal:  true,
 			ExternalMCP: mcpName,
 		})
 	}
 	return result
 }
 // parseExternalToolName 解析外部工具名称（格式：mcpName::toolName）
 func (h *ConfigHandler) parseExternalToolName(fullName string) (mcpName, toolName string) {
 	idx := strings.Index(fullName, "::")
 	if idx > 0 {
 		return fullName[:idx], fullName[idx+2:]
 	}
 	return "", ""
 }
 // calculateExternalToolEnabled 计算外部工具的启用状态
 func (h *ConfigHandler) calculateExternalToolEnabled(mcpName, toolName string, configs map[string]config.ExternalMCPServerConfig) bool {
 	cfg, exists := configs[mcpName]
 	if !exists {
 		return false
 	}
 	// 首先检查外部MCP是否启用
 	if !cfg.ExternalMCPEnable && !(cfg.Enabled && !cfg.Disabled) {
 		return false // MCP未启用，所有工具都禁用
 	}
 	// MCP已启用，检查单个工具的启用状态
 	// 如果ToolEnabled为空或未设置该工具，默认为启用（向后兼容）
 	if cfg.ToolEnabled == nil {
 		// 未设置工具状态，默认为启用
 	} else if toolEnabled, exists := cfg.ToolEnabled[toolName]; exists {
 		// 使用配置的工具状态
 		if !toolEnabled {
 			return false
 		}
 	}
 	// 工具未在配置中，默认为启用
 	// 最后检查外部MCP是否已连接
 	client, exists := h.externalMCPMgr.GetClient(mcpName)
 	if !exists || !client.IsConnected() {
 		return false // 未连接时视为禁用
 	}
 	return true
 }
 // pickToolDescription 根据 security.tool_description_mode 选择 short 或 full 描述并限制长度
 func (h *ConfigHandler) pickToolDescription(shortDesc, fullDesc string) string {
 	useFull := strings.TrimSpace(strings.ToLower(h.config.Security.ToolDescriptionMode)) == "full"
 	description := shortDesc
 	if useFull {
 		description = fullDesc
 	} else if description == "" {
 		description = fullDesc
 	}
 	if len(description) > 10000 {
 		description = description[:10000] + "..."
 	}
 	return description
 }
@@ -8,6 +8,7 @@ import (
 	"cyberstrike-ai/internal/config"
 	"cyberstrike-ai/internal/mcp"
 	"github.com/gin-gonic/gin"
 	"go.uber.org/zap"
 	"gopkg.in/yaml.v3"
@@ -36,12 +37,12 @@ func NewExternalMCPHandler(manager *mcp.ExternalMCPManager, cfg *config.Config,
 func (h *ExternalMCPHandler) GetExternalMCPs(c *gin.Context) {
 	h.mu.RLock()
 	defer h.mu.RUnlock()
-	
+
 	configs := h.manager.GetConfigs()
-	
+
 	// 获取所有外部MCP的工具数量
 	toolCounts := h.manager.GetToolCounts()
-	
+
 	// 转换为响应格式
 	result := make(map[string]ExternalMCPResponse)
 	for name, cfg := range configs {
@@ -54,13 +55,13 @@ func (h *ExternalMCPHandler) GetExternalMCPs(c *gin.Context) {
 		} else {
 			status = "disabled"
 		}
-		
+
 		toolCount := toolCounts[name]
 		errorMsg := ""
 		if status == "error" {
 			errorMsg = h.manager.GetError(name)
 		}
-		
+
 		result[name] = ExternalMCPResponse{
 			Config:    cfg,
 			Status:    status,
@@ -68,7 +69,7 @@ func (h *ExternalMCPHandler) GetExternalMCPs(c *gin.Context) {
 			Error:     errorMsg,
 		}
 	}
-	
+
 	c.JSON(http.StatusOK, gin.H{
 		"servers": result,
 		"stats":   h.manager.GetStats(),
@@ -78,17 +79,17 @@ func (h *ExternalMCPHandler) GetExternalMCPs(c *gin.Context) {
 // GetExternalMCP 获取单个外部MCP配置
 func (h *ExternalMCPHandler) GetExternalMCP(c *gin.Context) {
 	name := c.Param("name")
-	
+
 	h.mu.RLock()
 	defer h.mu.RUnlock()
-	
+
 	configs := h.manager.GetConfigs()
 	cfg, exists := configs[name]
 	if !exists {
 		c.JSON(http.StatusNotFound, gin.H{"error": "外部MCP配置不存在"})
 		return
 	}
-	
+
 	client, clientExists := h.manager.GetClient(name)
 	status := "disconnected"
 	if clientExists {
@@ -98,7 +99,7 @@ func (h *ExternalMCPHandler) GetExternalMCP(c *gin.Context) {
 	} else {
 		status = "disabled"
 	}
-	
+
 	// 获取工具数量
 	toolCount := 0
 	if clientExists && client.IsConnected() {
@@ -106,13 +107,13 @@ func (h *ExternalMCPHandler) GetExternalMCP(c *gin.Context) {
 			toolCount = count
 		}
 	}
-	
+
 	// 获取错误信息
 	errorMsg := ""
 	if status == "error" {
 		errorMsg = h.manager.GetError(name)
 	}
-	
+
 	c.JSON(http.StatusOK, ExternalMCPResponse{
 		Config:    cfg,
 		Status:    status,
@@ -128,38 +129,38 @@ func (h *ExternalMCPHandler) AddOrUpdateExternalMCP(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "无效的请求参数: " + err.Error()})
 		return
 	}
-	
+
 	name := c.Param("name")
 	if name == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "名称不能为空"})
 		return
 	}
-	
+
 	// 验证配置
 	if err := h.validateConfig(req.Config); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
-	
+
 	h.mu.Lock()
 	defer h.mu.Unlock()
-	
+
 	// 添加或更新配置
 	if err := h.manager.AddOrUpdateConfig(name, req.Config); err != nil {
 		h.logger.Error("添加或更新外部MCP配置失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "添加或更新配置失败: " + err.Error()})
 		return
 	}
-	
+
 	// 更新内存中的配置
 	if h.config.ExternalMCP.Servers == nil {
 		h.config.ExternalMCP.Servers = make(map[string]config.ExternalMCPServerConfig)
 	}
-	
+
 	// 如果用户提供了 disabled 或 enabled 字段，保留它们以保持向后兼容
 	// 同时将值迁移到 external_mcp_enable
 	cfg := req.Config
-	
+
 	if req.Config.Disabled {
 		// 用户设置了 disabled: true
 		cfg.ExternalMCPEnable = false
@@ -185,16 +186,16 @@ func (h *ExternalMCPHandler) AddOrUpdateExternalMCP(c *gin.Context) {
 		cfg.Enabled = true
 		cfg.Disabled = false
 	}
-	
+
 	h.config.ExternalMCP.Servers[name] = cfg
-	
+
 	// 保存到配置文件
 	if err := h.saveConfig(); err != nil {
 		h.logger.Error("保存配置失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "保存配置失败: " + err.Error()})
 		return
 	}
-	
+
 	h.logger.Info("外部MCP配置已更新", zap.String("name", name))
 	c.JSON(http.StatusOK, gin.H{"message": "配置已更新"})
 }
@@ -202,28 +203,28 @@ func (h *ExternalMCPHandler) AddOrUpdateExternalMCP(c *gin.Context) {
 // DeleteExternalMCP 删除外部MCP配置
 func (h *ExternalMCPHandler) DeleteExternalMCP(c *gin.Context) {
 	name := c.Param("name")
-	
+
 	h.mu.Lock()
 	defer h.mu.Unlock()
-	
+
 	// 移除配置
 	if err := h.manager.RemoveConfig(name); err != nil {
 		c.JSON(http.StatusNotFound, gin.H{"error": "配置不存在"})
 		return
 	}
-	
+
 	// 从内存配置中删除
 	if h.config.ExternalMCP.Servers != nil {
 		delete(h.config.ExternalMCP.Servers, name)
 	}
-	
+
 	// 保存到配置文件
 	if err := h.saveConfig(); err != nil {
 		h.logger.Error("保存配置失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "保存配置失败: " + err.Error()})
 		return
 	}
-	
+
 	h.logger.Info("外部MCP配置已删除", zap.String("name", name))
 	c.JSON(http.StatusOK, gin.H{"message": "配置已删除"})
 }
@@ -231,10 +232,10 @@ func (h *ExternalMCPHandler) DeleteExternalMCP(c *gin.Context) {
 // StartExternalMCP 启动外部MCP
 func (h *ExternalMCPHandler) StartExternalMCP(c *gin.Context) {
 	name := c.Param("name")
-	
+
 	h.mu.Lock()
 	defer h.mu.Unlock()
-	
+
 	// 更新配置为启用
 	if h.config.ExternalMCP.Servers == nil {
 		h.config.ExternalMCP.Servers = make(map[string]config.ExternalMCPServerConfig)
@@ -242,32 +243,32 @@ func (h *ExternalMCPHandler) StartExternalMCP(c *gin.Context) {
 	cfg := h.config.ExternalMCP.Servers[name]
 	cfg.ExternalMCPEnable = true
 	h.config.ExternalMCP.Servers[name] = cfg
-	
+
 	// 保存到配置文件
 	if err := h.saveConfig(); err != nil {
 		h.logger.Error("保存配置失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "保存配置失败: " + err.Error()})
 		return
 	}
-	
+
 	// 启动客户端（立即创建客户端并设置状态为connecting，实际连接在后台进行）
 	h.logger.Info("开始启动外部MCP", zap.String("name", name))
 	if err := h.manager.StartClient(name); err != nil {
 		h.logger.Error("启动外部MCP失败", zap.String("name", name), zap.Error(err))
 		c.JSON(http.StatusBadRequest, gin.H{
-			"error": err.Error(),
+			"error":  err.Error(),
 			"status": "error",
 		})
 		return
 	}
-	
+
 	// 获取客户端状态（应该是connecting）
 	client, exists := h.manager.GetClient(name)
 	status := "connecting"
 	if exists {
 		status = client.GetStatus()
 	}
-	
+
 	// 立即返回，不等待连接完成
 	// 客户端会在后台异步连接，用户可以通过状态查询接口查看连接状态
 	c.JSON(http.StatusOK, gin.H{
@@ -279,16 +280,16 @@ func (h *ExternalMCPHandler) StartExternalMCP(c *gin.Context) {
 // StopExternalMCP 停止外部MCP
 func (h *ExternalMCPHandler) StopExternalMCP(c *gin.Context) {
 	name := c.Param("name")
-	
+
 	h.mu.Lock()
 	defer h.mu.Unlock()
-	
+
 	// 停止客户端
 	if err := h.manager.StopClient(name); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
-	
+
 	// 更新配置
 	if h.config.ExternalMCP.Servers == nil {
 		h.config.ExternalMCP.Servers = make(map[string]config.ExternalMCPServerConfig)
@@ -296,14 +297,14 @@ func (h *ExternalMCPHandler) StopExternalMCP(c *gin.Context) {
 	cfg := h.config.ExternalMCP.Servers[name]
 	cfg.ExternalMCPEnable = false
 	h.config.ExternalMCP.Servers[name] = cfg
-	
+
 	// 保存到配置文件
 	if err := h.saveConfig(); err != nil {
 		h.logger.Error("保存配置失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "保存配置失败: " + err.Error()})
 		return
 	}
-	
+
 	h.logger.Info("外部MCP已停止", zap.String("name", name))
 	c.JSON(http.StatusOK, gin.H{"message": "外部MCP已停止"})
 }
@@ -327,7 +328,7 @@ func (h *ExternalMCPHandler) validateConfig(cfg config.ExternalMCPServerConfig)
 			return fmt.Errorf("需要指定command（stdio模式）或url（http/sse模式）")
 		}
 	}
-	
+
 	switch transport {
 	case "http":
 		if cfg.URL == "" {
@@ -344,7 +345,7 @@ func (h *ExternalMCPHandler) validateConfig(cfg config.ExternalMCPServerConfig)
 	default:
 		return fmt.Errorf("不支持的传输模式: %s，支持的模式: http, stdio, sse", transport)
 	}
-	
+
 	return nil
 }
@@ -428,17 +429,17 @@ func updateExternalMCPConfig(doc *yaml.Node, cfg config.ExternalMCPConfig, origi
 	root := doc.Content[0]
 	externalMCPNode := ensureMap(root, "external_mcp")
 	serversNode := ensureMap(externalMCPNode, "servers")
-	
+
 	// 清空现有服务器配置
 	serversNode.Content = nil
-	
+
 	// 添加新的服务器配置
 	for name, serverCfg := range cfg.Servers {
 		// 添加服务器名称键
 		nameNode := &yaml.Node{Kind: yaml.ScalarNode, Tag: "!!str", Value: name}
 		serverNode := &yaml.Node{Kind: yaml.MappingNode, Tag: "!!map"}
 		serversNode.Content = append(serversNode.Content, nameNode, serverNode)
-		
+
 		// 设置服务器配置字段
 		if serverCfg.Command != "" {
 			setStringInMap(serverNode, "command", serverCfg.Command)
@@ -459,6 +460,13 @@ func updateExternalMCPConfig(doc *yaml.Node, cfg config.ExternalMCPConfig, origi
 		if serverCfg.URL != "" {
 			setStringInMap(serverNode, "url", serverCfg.URL)
 		}
 		// 保存 headers 字段（HTTP/SSE 请求头）
 		if serverCfg.Headers != nil && len(serverCfg.Headers) > 0 {
 			headersNode := ensureMap(serverNode, "headers")
 			for k, v := range serverCfg.Headers {
 				setStringInMap(headersNode, k, v)
 			}
 		}
 		if serverCfg.Description != "" {
 			setStringInMap(serverNode, "description", serverCfg.Description)
 		}
@@ -476,7 +484,7 @@ func updateExternalMCPConfig(doc *yaml.Node, cfg config.ExternalMCPConfig, origi
 		}
 		// 保留旧的 enabled/disabled 字段以保持向后兼容
 		originalFields, hasOriginal := originalConfigs[name]
-		
+
 		// 如果原始配置中有 enabled 字段，保留它
 		if hasOriginal {
 			if enabledVal, hasEnabled := originalFields["enabled"]; hasEnabled {
@@ -494,7 +502,7 @@ func updateExternalMCPConfig(doc *yaml.Node, cfg config.ExternalMCPConfig, origi
 				}
 			}
 		}
-		
+
 		// 如果用户在当前请求中明确设置了这些字段，也保存它们
 		if serverCfg.Enabled {
 			setBoolInMap(serverNode, "enabled", serverCfg.Enabled)
@@ -528,8 +536,7 @@ type AddOrUpdateExternalMCPRequest struct {
 // ExternalMCPResponse 外部MCP响应
 type ExternalMCPResponse struct {
 	Config    config.ExternalMCPServerConfig `json:"config"`
-	Status    string                         `json:"status"` // "connected", "disconnected", "disabled", "error", "connecting"
+	Status    string                         `json:"status"`          // "connected", "disconnected", "disabled", "error", "connecting"
-	ToolCount int                            `json:"tool_count"` // 工具数量
+	ToolCount int                            `json:"tool_count"`      // 工具数量
 	Error     string                         `json:"error,omitempty"` // 错误信息（仅在status为error时存在）
 }
@@ -11,6 +11,7 @@ import (
 	"cyberstrike-ai/internal/config"
 	"cyberstrike-ai/internal/mcp"
 	"github.com/gin-gonic/gin"
 	"go.uber.org/zap"
 )
@@ -18,7 +19,7 @@ import (
 func setupTestRouter() (*gin.Engine, *ExternalMCPHandler, string) {
 	gin.SetMode(gin.TestMode)
 	router := gin.New()
-	
+
 	// 创建临时配置文件
 	tmpFile, err := os.CreateTemp("", "test-config-*.yaml")
 	if err != nil {
@@ -27,7 +28,7 @@ func setupTestRouter() (*gin.Engine, *ExternalMCPHandler, string) {
 	tmpFile.WriteString("server:\n  host: 0.0.0.0\n  port: 8080\n")
 	tmpFile.Close()
 	configPath := tmpFile.Name()
-	
+
 	logger := zap.NewNop()
 	manager := mcp.NewExternalMCPManager(logger)
 	cfg := &config.Config{
@@ -35,9 +36,9 @@ func setupTestRouter() (*gin.Engine, *ExternalMCPHandler, string) {
 			Servers: make(map[string]config.ExternalMCPServerConfig),
 		},
 	}
-	
+
 	handler := NewExternalMCPHandler(manager, cfg, configPath, logger)
-	
+
 	api := router.Group("/api")
 	api.GET("/external-mcp", handler.GetExternalMCPs)
 	api.GET("/external-mcp/stats", handler.GetExternalMCPStats)
@@ -46,7 +47,7 @@ func setupTestRouter() (*gin.Engine, *ExternalMCPHandler, string) {
 	api.DELETE("/external-mcp/:name", handler.DeleteExternalMCP)
 	api.POST("/external-mcp/:name/start", handler.StartExternalMCP)
 	api.POST("/external-mcp/:name/stop", handler.StopExternalMCP)
-	
+
 	return router, handler, configPath
 }
@@ -58,7 +59,7 @@ func cleanupTestConfig(configPath string) {
 func TestExternalMCPHandler_AddOrUpdateExternalMCP_Stdio(t *testing.T) {
 	router, _, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	// 测试添加stdio模式的配置
 	configJSON := `{
 		"command": "python3",
@@ -67,41 +68,41 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_Stdio(t *testing.T) {
 		"timeout": 300,
 		"enabled": true
 	}`
-	
+
 	var configObj config.ExternalMCPServerConfig
 	if err := json.Unmarshal([]byte(configJSON), &configObj); err != nil {
 		t.Fatalf("解析配置JSON失败: %v", err)
 	}
-	
+
 	reqBody := AddOrUpdateExternalMCPRequest{
 		Config: configObj,
 	}
-	
+
 	body, _ := json.Marshal(reqBody)
 	req := httptest.NewRequest("PUT", "/api/external-mcp/test-stdio", bytes.NewBuffer(body))
 	req.Header.Set("Content-Type", "application/json")
 	w := httptest.NewRecorder()
-	
+
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w.Code, w.Body.String())
 	}
-	
+
 	// 验证配置已添加
 	req2 := httptest.NewRequest("GET", "/api/external-mcp/test-stdio", nil)
 	w2 := httptest.NewRecorder()
 	router.ServeHTTP(w2, req2)
-	
+
 	if w2.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w2.Code, w2.Body.String())
 	}
-	
+
 	var response ExternalMCPResponse
 	if err := json.Unmarshal(w2.Body.Bytes(), &response); err != nil {
 		t.Fatalf("解析响应失败: %v", err)
 	}
-	
+
 	if response.Config.Command != "python3" {
 		t.Errorf("期望command为python3，实际%s", response.Config.Command)
 	}
@@ -122,48 +123,48 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_Stdio(t *testing.T) {
 func TestExternalMCPHandler_AddOrUpdateExternalMCP_HTTP(t *testing.T) {
 	router, _, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	// 测试添加HTTP模式的配置
 	configJSON := `{
 		"transport": "http",
 		"url": "http://127.0.0.1:8081/mcp",
 		"enabled": true
 	}`
-	
+
 	var configObj config.ExternalMCPServerConfig
 	if err := json.Unmarshal([]byte(configJSON), &configObj); err != nil {
 		t.Fatalf("解析配置JSON失败: %v", err)
 	}
-	
+
 	reqBody := AddOrUpdateExternalMCPRequest{
 		Config: configObj,
 	}
-	
+
 	body, _ := json.Marshal(reqBody)
 	req := httptest.NewRequest("PUT", "/api/external-mcp/test-http", bytes.NewBuffer(body))
 	req.Header.Set("Content-Type", "application/json")
 	w := httptest.NewRecorder()
-	
+
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w.Code, w.Body.String())
 	}
-	
+
 	// 验证配置已添加
 	req2 := httptest.NewRequest("GET", "/api/external-mcp/test-http", nil)
 	w2 := httptest.NewRecorder()
 	router.ServeHTTP(w2, req2)
-	
+
 	if w2.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w2.Code, w2.Body.String())
 	}
-	
+
 	var response ExternalMCPResponse
 	if err := json.Unmarshal(w2.Body.Bytes(), &response); err != nil {
 		t.Fatalf("解析响应失败: %v", err)
 	}
-	
+
 	if response.Config.Transport != "http" {
 		t.Errorf("期望transport为http，实际%s", response.Config.Transport)
 	}
@@ -178,7 +179,7 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_HTTP(t *testing.T) {
 func TestExternalMCPHandler_AddOrUpdateExternalMCP_InvalidConfig(t *testing.T) {
 	router, _, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	testCases := []struct {
 		name        string
 		configJSON  string
@@ -187,7 +188,7 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_InvalidConfig(t *testing.T) {
 		{
 			name:        "缺少command和url",
 			configJSON:  `{"enabled": true}`,
-			expectedErr: "需要指定command（stdio模式）或url（http模式）",
+			expectedErr: "需要指定command（stdio模式）或url（http/sse模式）",
 		},
 		{
 			name:        "stdio模式缺少command",
@@ -205,34 +206,34 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_InvalidConfig(t *testing.T) {
 			expectedErr: "不支持的传输模式",
 		},
 	}
-	
+
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			var configObj config.ExternalMCPServerConfig
 			if err := json.Unmarshal([]byte(tc.configJSON), &configObj); err != nil {
 				t.Fatalf("解析配置JSON失败: %v", err)
 			}
-			
+
 			reqBody := AddOrUpdateExternalMCPRequest{
 				Config: configObj,
 			}
-			
+
 			body, _ := json.Marshal(reqBody)
 			req := httptest.NewRequest("PUT", "/api/external-mcp/test-invalid", bytes.NewBuffer(body))
 			req.Header.Set("Content-Type", "application/json")
 			w := httptest.NewRecorder()
-			
+
 			router.ServeHTTP(w, req)
-			
+
 			if w.Code != http.StatusBadRequest {
 				t.Errorf("期望状态码400，实际%d: %s", w.Code, w.Body.String())
 			}
-			
+
 			var response map[string]interface{}
 			if err := json.Unmarshal(w.Body.Bytes(), &response); err != nil {
 				t.Fatalf("解析响应失败: %v", err)
 			}
-			
+
 			errorMsg := response["error"].(string)
 			// 对于stdio模式缺少command的情况，错误信息可能略有不同
 			if tc.name == "stdio模式缺少command" {
@@ -249,28 +250,28 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_InvalidConfig(t *testing.T) {
 func TestExternalMCPHandler_DeleteExternalMCP(t *testing.T) {
 	router, handler, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	// 先添加一个配置
 	configObj := config.ExternalMCPServerConfig{
 		Command: "python3",
 		Enabled: true,
 	}
 	handler.manager.AddOrUpdateConfig("test-delete", configObj)
-	
+
 	// 删除配置
 	req := httptest.NewRequest("DELETE", "/api/external-mcp/test-delete", nil)
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w.Code, w.Body.String())
 	}
-	
+
 	// 验证配置已删除
 	req2 := httptest.NewRequest("GET", "/api/external-mcp/test-delete", nil)
 	w2 := httptest.NewRecorder()
 	router.ServeHTTP(w2, req2)
-	
+
 	if w2.Code != http.StatusNotFound {
 		t.Errorf("期望状态码404，实际%d: %s", w2.Code, w2.Body.String())
 	}
@@ -278,7 +279,7 @@ func TestExternalMCPHandler_DeleteExternalMCP(t *testing.T) {
 func TestExternalMCPHandler_GetExternalMCPs(t *testing.T) {
 	router, handler, _ := setupTestRouter()
-	
+
 	// 添加多个配置
 	handler.manager.AddOrUpdateConfig("test1", config.ExternalMCPServerConfig{
 		Command: "python3",
@@ -288,20 +289,20 @@ func TestExternalMCPHandler_GetExternalMCPs(t *testing.T) {
 		URL:     "http://127.0.0.1:8081/mcp",
 		Enabled: false,
 	})
-	
+
 	req := httptest.NewRequest("GET", "/api/external-mcp", nil)
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w.Code, w.Body.String())
 	}
-	
+
 	var response map[string]interface{}
 	if err := json.Unmarshal(w.Body.Bytes(), &response); err != nil {
 		t.Fatalf("解析响应失败: %v", err)
 	}
-	
+
 	servers := response["servers"].(map[string]interface{})
 	if len(servers) != 2 {
 		t.Errorf("期望2个服务器，实际%d", len(servers))
@@ -312,7 +313,7 @@ func TestExternalMCPHandler_GetExternalMCPs(t *testing.T) {
 	if _, ok := servers["test2"]; !ok {
 		t.Error("期望包含test2")
 	}
-	
+
 	stats := response["stats"].(map[string]interface{})
 	if int(stats["total"].(float64)) != 2 {
 		t.Errorf("期望总数为2，实际%d", int(stats["total"].(float64)))
@@ -321,7 +322,7 @@ func TestExternalMCPHandler_GetExternalMCPs(t *testing.T) {
 func TestExternalMCPHandler_GetExternalMCPStats(t *testing.T) {
 	router, handler, _ := setupTestRouter()
-	
+
 	// 添加配置
 	handler.manager.AddOrUpdateConfig("enabled1", config.ExternalMCPServerConfig{
 		Command: "python3",
@@ -336,20 +337,20 @@ func TestExternalMCPHandler_GetExternalMCPStats(t *testing.T) {
 		Enabled:  false,
 		Disabled: true,
 	})
-	
+
 	req := httptest.NewRequest("GET", "/api/external-mcp/stats", nil)
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w.Code, w.Body.String())
 	}
-	
+
 	var stats map[string]interface{}
 	if err := json.Unmarshal(w.Body.Bytes(), &stats); err != nil {
 		t.Fatalf("解析响应失败: %v", err)
 	}
-	
+
 	if int(stats["total"].(float64)) != 3 {
 		t.Errorf("期望总数为3，实际%d", int(stats["total"].(float64)))
 	}
@@ -364,19 +365,19 @@ func TestExternalMCPHandler_GetExternalMCPStats(t *testing.T) {
 func TestExternalMCPHandler_StartStopExternalMCP(t *testing.T) {
 	router, handler, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	// 添加一个禁用的配置
 	handler.manager.AddOrUpdateConfig("test-start-stop", config.ExternalMCPServerConfig{
 		Command:  "python3",
 		Enabled:  false,
 		Disabled: true,
 	})
-	
+
 	// 测试启动（可能会失败，因为没有真实的服务器）
 	req := httptest.NewRequest("POST", "/api/external-mcp/test-start-stop/start", nil)
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
-	
+
 	// 启动可能会失败，但应该返回合理的状态码
 	if w.Code != http.StatusOK {
 		// 如果启动失败，应该是400或500
@@ -384,12 +385,12 @@ func TestExternalMCPHandler_StartStopExternalMCP(t *testing.T) {
 			t.Errorf("期望状态码200/400/500，实际%d: %s", w.Code, w.Body.String())
 		}
 	}
-	
+
 	// 测试停止
 	req2 := httptest.NewRequest("POST", "/api/external-mcp/test-start-stop/stop", nil)
 	w2 := httptest.NewRecorder()
 	router.ServeHTTP(w2, req2)
-	
+
 	if w2.Code != http.StatusOK {
 		t.Errorf("期望状态码200，实际%d: %s", w2.Code, w2.Body.String())
 	}
@@ -397,11 +398,11 @@ func TestExternalMCPHandler_StartStopExternalMCP(t *testing.T) {
 func TestExternalMCPHandler_GetExternalMCP_NotFound(t *testing.T) {
 	router, _, _ := setupTestRouter()
-	
+
 	req := httptest.NewRequest("GET", "/api/external-mcp/nonexistent", nil)
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusNotFound {
 		t.Errorf("期望状态码404，实际%d: %s", w.Code, w.Body.String())
 	}
@@ -410,11 +411,11 @@ func TestExternalMCPHandler_GetExternalMCP_NotFound(t *testing.T) {
 func TestExternalMCPHandler_DeleteExternalMCP_NotFound(t *testing.T) {
 	router, _, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	req := httptest.NewRequest("DELETE", "/api/external-mcp/nonexistent", nil)
 	w := httptest.NewRecorder()
 	router.ServeHTTP(w, req)
-	
+
 	// 删除不存在的配置可能返回200（幂等操作）或404，都是合理的
 	if w.Code != http.StatusNotFound && w.Code != http.StatusOK {
 		t.Errorf("期望状态码404或200，实际%d: %s", w.Code, w.Body.String())
@@ -423,23 +424,23 @@ func TestExternalMCPHandler_DeleteExternalMCP_NotFound(t *testing.T) {
 func TestExternalMCPHandler_AddOrUpdateExternalMCP_EmptyName(t *testing.T) {
 	router, _, _ := setupTestRouter()
-	
+
 	configObj := config.ExternalMCPServerConfig{
 		Command: "python3",
 		Enabled: true,
 	}
-	
+
 	reqBody := AddOrUpdateExternalMCPRequest{
 		Config: configObj,
 	}
-	
+
 	body, _ := json.Marshal(reqBody)
 	req := httptest.NewRequest("PUT", "/api/external-mcp/", bytes.NewBuffer(body))
 	req.Header.Set("Content-Type", "application/json")
 	w := httptest.NewRecorder()
-	
+
 	router.ServeHTTP(w, req)
-	
+
 	// 空名称应该返回404或400
 	if w.Code != http.StatusNotFound && w.Code != http.StatusBadRequest {
 		t.Errorf("期望状态码404或400，实际%d: %s", w.Code, w.Body.String())
@@ -448,15 +449,15 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_EmptyName(t *testing.T) {
 func TestExternalMCPHandler_AddOrUpdateExternalMCP_InvalidJSON(t *testing.T) {
 	router, _, _ := setupTestRouter()
-	
+
 	// 发送无效的JSON
 	body := []byte(`{"config": invalid json}`)
 	req := httptest.NewRequest("PUT", "/api/external-mcp/test", bytes.NewBuffer(body))
 	req.Header.Set("Content-Type", "application/json")
 	w := httptest.NewRecorder()
-	
+
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusBadRequest {
 		t.Errorf("期望状态码400，实际%d: %s", w.Code, w.Body.String())
 	}
@@ -465,49 +466,49 @@ func TestExternalMCPHandler_AddOrUpdateExternalMCP_InvalidJSON(t *testing.T) {
 func TestExternalMCPHandler_UpdateExistingConfig(t *testing.T) {
 	router, handler, configPath := setupTestRouter()
 	defer cleanupTestConfig(configPath)
-	
+
 	// 先添加配置
 	config1 := config.ExternalMCPServerConfig{
 		Command: "python3",
 		Enabled: true,
 	}
 	handler.manager.AddOrUpdateConfig("test-update", config1)
-	
+
 	// 更新配置
 	config2 := config.ExternalMCPServerConfig{
 		URL:     "http://127.0.0.1:8081/mcp",
 		Enabled: true,
 	}
-	
+
 	reqBody := AddOrUpdateExternalMCPRequest{
 		Config: config2,
 	}
-	
+
 	body, _ := json.Marshal(reqBody)
 	req := httptest.NewRequest("PUT", "/api/external-mcp/test-update", bytes.NewBuffer(body))
 	req.Header.Set("Content-Type", "application/json")
 	w := httptest.NewRecorder()
-	
+
 	router.ServeHTTP(w, req)
-	
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w.Code, w.Body.String())
 	}
-	
+
 	// 验证配置已更新
 	req2 := httptest.NewRequest("GET", "/api/external-mcp/test-update", nil)
 	w2 := httptest.NewRecorder()
 	router.ServeHTTP(w2, req2)
-	
+
 	if w2.Code != http.StatusOK {
 		t.Fatalf("期望状态码200，实际%d: %s", w2.Code, w2.Body.String())
 	}
-	
+
 	var response ExternalMCPResponse
 	if err := json.Unmarshal(w2.Body.Bytes(), &response); err != nil {
 		t.Fatalf("解析响应失败: %v", err)
 	}
-	
+
 	if response.Config.URL != "http://127.0.0.1:8081/mcp" {
 		t.Errorf("期望url为'http://127.0.0.1:8081/mcp'，实际%s", response.Config.URL)
 	}
@@ -515,4 +516,3 @@ func TestExternalMCPHandler_UpdateExistingConfig(t *testing.T) {
 		t.Errorf("期望command为空，实际%s", response.Config.Command)
 	}
 }
@@ -0,0 +1,223 @@
 package handler
 import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
 	"time"
 	"cyberstrike-ai/internal/config"
 	"github.com/gin-gonic/gin"
 	"go.uber.org/zap"
 )
 type FofaHandler struct {
 	cfg    *config.Config
 	logger *zap.Logger
 	client *http.Client
 }
 func NewFofaHandler(cfg *config.Config, logger *zap.Logger) *FofaHandler {
 	return &FofaHandler{
 		cfg:    cfg,
 		logger: logger,
 		client: &http.Client{Timeout: 30 * time.Second},
 	}
 }
 type fofaSearchRequest struct {
 	Query  string `json:"query" binding:"required"`
 	Size   int    `json:"size,omitempty"`
 	Page   int    `json:"page,omitempty"`
 	Fields string `json:"fields,omitempty"`
 	Full   bool   `json:"full,omitempty"`
 }
 type fofaAPIResponse struct {
 	Error   bool            `json:"error"`
 	ErrMsg  string          `json:"errmsg"`
 	Size    int             `json:"size"`
 	Page    int             `json:"page"`
 	Total   int             `json:"total"`
 	Mode    string          `json:"mode"`
 	Query   string          `json:"query"`
 	Results [][]interface{} `json:"results"`
 }
 type fofaSearchResponse struct {
 	Query        string                   `json:"query"`
 	Size         int                      `json:"size"`
 	Page         int                      `json:"page"`
 	Total        int                      `json:"total"`
 	Fields       []string                 `json:"fields"`
 	ResultsCount int                      `json:"results_count"`
 	Results      []map[string]interface{} `json:"results"`
 }
 func (h *FofaHandler) resolveCredentials() (email, apiKey string) {
 	// 优先环境变量（便于容器部署），其次配置文件
 	email = strings.TrimSpace(os.Getenv("FOFA_EMAIL"))
 	apiKey = strings.TrimSpace(os.Getenv("FOFA_API_KEY"))
 	if email != "" && apiKey != "" {
 		return email, apiKey
 	}
 	if h.cfg != nil {
 		if email == "" {
 			email = strings.TrimSpace(h.cfg.FOFA.Email)
 		}
 		if apiKey == "" {
 			apiKey = strings.TrimSpace(h.cfg.FOFA.APIKey)
 		}
 	}
 	return email, apiKey
 }
 func (h *FofaHandler) resolveBaseURL() string {
 	if h.cfg != nil {
 		if v := strings.TrimSpace(h.cfg.FOFA.BaseURL); v != "" {
 			return v
 		}
 	}
 	return "https://fofa.info/api/v1/search/all"
 }
 // Search FOFA 查询（后端代理，避免前端暴露 key）
 func (h *FofaHandler) Search(c *gin.Context) {
 	var req fofaSearchRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "无效的请求参数: " + err.Error()})
 		return
 	}
 	req.Query = strings.TrimSpace(req.Query)
 	if req.Query == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "query 不能为空"})
 		return
 	}
 	if req.Size <= 0 {
 		req.Size = 100
 	}
 	if req.Page <= 0 {
 		req.Page = 1
 	}
 	// FOFA 接口 size 上限和账户权限相关，这里只做一个合理的保护
 	if req.Size > 10000 {
 		req.Size = 10000
 	}
 	if req.Fields == "" {
 		req.Fields = "host,ip,port,domain,title,protocol,country,province,city,server"
 	}
 	email, apiKey := h.resolveCredentials()
 	if email == "" || apiKey == "" {
 		c.JSON(http.StatusBadRequest, gin.H{
 			"error":   "FOFA 未配置：请在系统设置中填写 FOFA Email/API Key，或设置环境变量 FOFA_EMAIL/FOFA_API_KEY",
 			"need":    []string{"fofa.email", "fofa.api_key"},
 			"env_key": []string{"FOFA_EMAIL", "FOFA_API_KEY"},
 		})
 		return
 	}
 	baseURL := h.resolveBaseURL()
 	qb64 := base64.StdEncoding.EncodeToString([]byte(req.Query))
 	u, err := url.Parse(baseURL)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "FOFA base_url 无效: " + err.Error()})
 		return
 	}
 	params := u.Query()
 	params.Set("email", email)
 	params.Set("key", apiKey)
 	params.Set("qbase64", qb64)
 	params.Set("size", fmt.Sprintf("%d", req.Size))
 	params.Set("page", fmt.Sprintf("%d", req.Page))
 	params.Set("fields", strings.TrimSpace(req.Fields))
 	if req.Full {
 		params.Set("full", "true")
 	} else {
 		// 明确传 false，便于排查
 		params.Set("full", "false")
 	}
 	u.RawQuery = params.Encode()
 	httpReq, err := http.NewRequestWithContext(c.Request.Context(), http.MethodGet, u.String(), nil)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "创建请求失败: " + err.Error()})
 		return
 	}
 	resp, err := h.client.Do(httpReq)
 	if err != nil {
 		c.JSON(http.StatusBadGateway, gin.H{"error": "请求 FOFA 失败: " + err.Error()})
 		return
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		c.JSON(http.StatusBadGateway, gin.H{"error": fmt.Sprintf("FOFA 返回非 2xx: %d", resp.StatusCode)})
 		return
 	}
 	var apiResp fofaAPIResponse
 	if err := json.NewDecoder(resp.Body).Decode(&apiResp); err != nil {
 		c.JSON(http.StatusBadGateway, gin.H{"error": "解析 FOFA 响应失败: " + err.Error()})
 		return
 	}
 	if apiResp.Error {
 		msg := strings.TrimSpace(apiResp.ErrMsg)
 		if msg == "" {
 			msg = "FOFA 返回错误"
 		}
 		c.JSON(http.StatusBadGateway, gin.H{"error": msg})
 		return
 	}
 	fields := splitAndCleanCSV(req.Fields)
 	results := make([]map[string]interface{}, 0, len(apiResp.Results))
 	for _, row := range apiResp.Results {
 		item := make(map[string]interface{}, len(fields))
 		for i, f := range fields {
 			if i < len(row) {
 				item[f] = row[i]
 			} else {
 				item[f] = nil
 			}
 		}
 		results = append(results, item)
 	}
 	c.JSON(http.StatusOK, fofaSearchResponse{
 		Query:        req.Query,
 		Size:         apiResp.Size,
 		Page:         apiResp.Page,
 		Total:        apiResp.Total,
 		Fields:       fields,
 		ResultsCount: len(results),
 		Results:      results,
 	})
 }
 func splitAndCleanCSV(s string) []string {
 	parts := strings.Split(s, ",")
 	out := make([]string, 0, len(parts))
 	seen := make(map[string]struct{}, len(parts))
 	for _, p := range parts {
 		v := strings.TrimSpace(p)
 		if v == "" {
 			continue
 		}
 		if _, ok := seen[v]; ok {
 			continue
 		}
 		seen[v] = struct{}{}
 		out = append(out, v)
 	}
 	return out
 }
@@ -15,11 +15,11 @@ import (
 // KnowledgeHandler 知识库处理器
 type KnowledgeHandler struct {
-	manager  *knowledge.Manager
+	manager   *knowledge.Manager
 	retriever *knowledge.Retriever
-	indexer  *knowledge.Indexer
+	indexer   *knowledge.Indexer
-	db       *database.DB
+	db        *database.DB
-	logger   *zap.Logger
+	logger    *zap.Logger
 }
 // NewKnowledgeHandler 创建新的知识库处理器
@@ -55,7 +55,7 @@ func (h *KnowledgeHandler) GetCategories(c *gin.Context) {
 func (h *KnowledgeHandler) GetItems(c *gin.Context) {
 	category := c.Query("category")
 	searchKeyword := c.Query("search") // 搜索关键字
-	
+
 	// 如果提供了搜索关键字，执行关键字搜索（在所有数据中搜索）
 	if searchKeyword != "" {
 		items, err := h.manager.SearchItemsByKeyword(searchKeyword, category)
@@ -102,10 +102,10 @@ func (h *KnowledgeHandler) GetItems(c *gin.Context) {
 		})
 		return
 	}
-	
+
 	// 分页模式：categoryPage=true 表示按分类分页，否则按项分页（向后兼容）
 	categoryPageMode := c.Query("categoryPage") != "false" // 默认使用分类分页
-	
+
 	// 分页参数
 	limit := 50 // 默认每页50条（分类分页时为分类数，项分页时为项数）
 	offset := 0
@@ -192,9 +192,9 @@ func (h *KnowledgeHandler) GetItems(c *gin.Context) {
 		}
 		c.JSON(http.StatusOK, gin.H{
-			"items": items,
+			"items":  items,
-			"total": total,
+			"total":  total,
-			"limit": limit,
+			"limit":  limit,
 			"offset": offset,
 		})
 	} else {
@@ -207,9 +207,9 @@ func (h *KnowledgeHandler) GetItems(c *gin.Context) {
 		}
 		c.JSON(http.StatusOK, gin.H{
-			"items": items,
+			"items":  items,
-			"total": total,
+			"total":  total,
-			"limit": limit,
+			"limit":  limit,
 			"offset": offset,
 		})
 	}
@@ -341,12 +341,12 @@ func (h *KnowledgeHandler) ScanKnowledgeBase(c *gin.Context) {
 		consecutiveFailures := 0
 		var firstFailureItemID string
 		var firstFailureError error
-		
+
 		for i, itemID := range itemsToIndex {
 			if err := h.indexer.IndexItem(ctx, itemID); err != nil {
 				failedCount++
 				consecutiveFailures++
-				
+
 				// 只在第一个失败时记录详细日志
 				if consecutiveFailures == 1 {
 					firstFailureItemID = itemID
@@ -357,7 +357,7 @@ func (h *KnowledgeHandler) ScanKnowledgeBase(c *gin.Context) {
 						zap.Error(err),
 					)
 				}
-				
+
 				// 如果连续失败2次，立即停止增量索引
 				if consecutiveFailures >= 2 {
 					h.logger.Error("连续索引失败次数过多，立即停止增量索引",
@@ -371,14 +371,14 @@ func (h *KnowledgeHandler) ScanKnowledgeBase(c *gin.Context) {
 				}
 				continue
 			}
-			
+
 			// 成功时重置连续失败计数
 			if consecutiveFailures > 0 {
 				consecutiveFailures = 0
 				firstFailureItemID = ""
 				firstFailureError = nil
 			}
-			
+
 			// 减少进度日志频率
 			if (i+1)%10 == 0 || i+1 == len(itemsToIndex) {
 				h.logger.Info("索引进度", zap.Int("current", i+1), zap.Int("total", len(itemsToIndex)), zap.Int("failed", failedCount))
@@ -388,7 +388,7 @@ func (h *KnowledgeHandler) ScanKnowledgeBase(c *gin.Context) {
 	}()
 	c.JSON(http.StatusOK, gin.H{
-		"message":      fmt.Sprintf("扫描完成，开始索引 %d 个新添加或更新的知识项", len(itemsToIndex)),
+		"message":        fmt.Sprintf("扫描完成，开始索引 %d 个新添加或更新的知识项", len(itemsToIndex)),
 		"items_to_index": len(itemsToIndex),
 	})
 }
@@ -470,10 +470,25 @@ func (h *KnowledgeHandler) Search(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"results": results})
 }
 // GetStats 获取知识库统计信息
 func (h *KnowledgeHandler) GetStats(c *gin.Context) {
 	totalCategories, totalItems, err := h.manager.GetStats()
 	if err != nil {
 		h.logger.Error("获取知识库统计信息失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
 	c.JSON(http.StatusOK, gin.H{
 		"enabled":          true,
 		"total_categories": totalCategories,
 		"total_items":      totalItems,
 	})
 }
 // 辅助函数：解析整数
 func parseInt(s string) (int, error) {
 	var result int
 	_, err := fmt.Sscanf(s, "%d", &result)
 	return result, err
 }
@@ -1309,7 +1309,7 @@ func (h *OpenAPIHandler) GetOpenAPISpec(c *gin.Context) {
 			},
 			"/api/conversations/{id}/results": map[string]interface{}{
 				"get": map[string]interface{}{
-					"tags":        []string{"结果查询"},
+					"tags":        []string{"对话管理"},
 					"summary":     "获取对话结果",
 					"description": "获取指定对话的执行结果，包括消息、漏洞信息和执行结果",
 					"operationId": "getConversationResults",
@@ -153,6 +153,25 @@ func (m *Manager) GetCategories() ([]string, error) {
 	return categories, nil
 }
 // GetStats 获取知识库统计信息
 func (m *Manager) GetStats() (int, int, error) {
 	// 获取分类总数
 	categories, err := m.GetCategories()
 	if err != nil {
 		return 0, 0, fmt.Errorf("获取分类失败: %w", err)
 	}
 	totalCategories := len(categories)
 	// 获取知识项总数
 	var totalItems int
 	err = m.db.QueryRow("SELECT COUNT(*) FROM knowledge_base_items").Scan(&totalItems)
 	if err != nil {
 		return totalCategories, 0, fmt.Errorf("获取知识项总数失败: %w", err)
 	}
 	return totalCategories, totalItems, nil
 }
 // GetCategoriesWithItems 按分类分页获取知识项（每个分类包含其下的所有知识项）
 // limit: 每页分类数量（0表示不限制）
 // offset: 偏移量（按分类偏移）
@@ -359,7 +378,7 @@ func (m *Manager) SearchItemsByKeyword(keyword string, category string) ([]*Know
 	// SQLite的LIKE不区分大小写，使用COLLATE NOCASE或LOWER()函数
 	// 使用%keyword%进行模糊匹配
 	searchPattern := "%" + keyword + "%"
-	
+
 	query = `
 		SELECT id, category, title, file_path, created_at, updated_at 
 		FROM knowledge_base_items 
@@ -0,0 +1,551 @@
 // Package mcp 外部 MCP 客户端 - 基于官方 go-sdk 实现，保证协议兼容性
 package mcp
 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"os/exec"
 	"strings"
 	"sync"
 	"time"
 	"cyberstrike-ai/internal/config"
 	"github.com/google/uuid"
 	"github.com/modelcontextprotocol/go-sdk/mcp"
 	"go.uber.org/zap"
 )
 const (
 	clientName    = "CyberStrikeAI"
 	clientVersion = "1.0.0"
 )
 // sdkClient 基于官方 MCP Go SDK 的外部 MCP 客户端，实现 ExternalMCPClient 接口
 type sdkClient struct {
 	session *mcp.ClientSession
 	client  *mcp.Client
 	logger  *zap.Logger
 	mu      sync.RWMutex
 	status  string // "disconnected", "connecting", "connected", "error"
 }
 // newSDKClientFromSession 用已连接成功的 session 构造（供 createSDKClient 内部使用）
 func newSDKClientFromSession(session *mcp.ClientSession, client *mcp.Client, logger *zap.Logger) *sdkClient {
 	return &sdkClient{
 		session: session,
 		client:  client,
 		logger:  logger,
 		status:  "connected",
 	}
 }
 // lazySDKClient 延迟连接：Initialize() 时才调用官方 SDK 建立连接，对外实现 ExternalMCPClient
 type lazySDKClient struct {
 	serverCfg config.ExternalMCPServerConfig
 	logger    *zap.Logger
 	inner     ExternalMCPClient // 连接成功后为 *sdkClient
 	mu        sync.RWMutex
 	status    string
 }
 func newLazySDKClient(serverCfg config.ExternalMCPServerConfig, logger *zap.Logger) *lazySDKClient {
 	return &lazySDKClient{
 		serverCfg: serverCfg,
 		logger:    logger,
 		status:    "connecting",
 	}
 }
 func (c *lazySDKClient) setStatus(s string) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	c.status = s
 }
 func (c *lazySDKClient) GetStatus() string {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 	if c.inner != nil {
 		return c.inner.GetStatus()
 	}
 	return c.status
 }
 func (c *lazySDKClient) IsConnected() bool {
 	c.mu.RLock()
 	inner := c.inner
 	c.mu.RUnlock()
 	if inner != nil {
 		return inner.IsConnected()
 	}
 	return false
 }
 func (c *lazySDKClient) Initialize(ctx context.Context) error {
 	c.mu.Lock()
 	if c.inner != nil {
 		c.mu.Unlock()
 		return nil
 	}
 	c.mu.Unlock()
 	inner, err := createSDKClient(ctx, c.serverCfg, c.logger)
 	if err != nil {
 		c.setStatus("error")
 		return err
 	}
 	c.mu.Lock()
 	c.inner = inner
 	c.mu.Unlock()
 	c.setStatus("connected")
 	return nil
 }
 func (c *lazySDKClient) ListTools(ctx context.Context) ([]Tool, error) {
 	c.mu.RLock()
 	inner := c.inner
 	c.mu.RUnlock()
 	if inner == nil {
 		return nil, fmt.Errorf("未连接")
 	}
 	return inner.ListTools(ctx)
 }
 func (c *lazySDKClient) CallTool(ctx context.Context, name string, args map[string]interface{}) (*ToolResult, error) {
 	c.mu.RLock()
 	inner := c.inner
 	c.mu.RUnlock()
 	if inner == nil {
 		return nil, fmt.Errorf("未连接")
 	}
 	return inner.CallTool(ctx, name, args)
 }
 func (c *lazySDKClient) Close() error {
 	c.mu.Lock()
 	inner := c.inner
 	c.inner = nil
 	c.mu.Unlock()
 	c.setStatus("disconnected")
 	if inner != nil {
 		return inner.Close()
 	}
 	return nil
 }
 func (c *sdkClient) setStatus(s string) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	c.status = s
 }
 func (c *sdkClient) GetStatus() string {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 	return c.status
 }
 func (c *sdkClient) IsConnected() bool {
 	return c.GetStatus() == "connected"
 }
 func (c *sdkClient) Initialize(ctx context.Context) error {
 	// sdkClient 由 createSDKClient 在 Connect 成功后才创建，因此 Initialize 时已经连接
 	// 此方法仅用于满足 ExternalMCPClient 接口，实际连接在 createSDKClient 中完成
 	return nil
 }
 func (c *sdkClient) ListTools(ctx context.Context) ([]Tool, error) {
 	if c.session == nil {
 		return nil, fmt.Errorf("未连接")
 	}
 	res, err := c.session.ListTools(ctx, nil)
 	if err != nil {
 		return nil, err
 	}
 	if res == nil {
 		return nil, nil
 	}
 	return sdkToolsToOur(res.Tools), nil
 }
 func (c *sdkClient) CallTool(ctx context.Context, name string, args map[string]interface{}) (*ToolResult, error) {
 	if c.session == nil {
 		return nil, fmt.Errorf("未连接")
 	}
 	params := &mcp.CallToolParams{
 		Name:      name,
 		Arguments: args,
 	}
 	res, err := c.session.CallTool(ctx, params)
 	if err != nil {
 		return nil, err
 	}
 	return sdkCallToolResultToOurs(res), nil
 }
 func (c *sdkClient) Close() error {
 	c.setStatus("disconnected")
 	if c.session != nil {
 		err := c.session.Close()
 		c.session = nil
 		return err
 	}
 	return nil
 }
 // sdkToolsToOur 将 SDK 的 []*mcp.Tool 转为我们的 []Tool
 func sdkToolsToOur(tools []*mcp.Tool) []Tool {
 	if len(tools) == 0 {
 		return nil
 	}
 	out := make([]Tool, 0, len(tools))
 	for _, t := range tools {
 		if t == nil {
 			continue
 		}
 		schema := make(map[string]interface{})
 		if t.InputSchema != nil {
 			// SDK InputSchema 可能为 *jsonschema.Schema 或 map，统一转为 map
 			if m, ok := t.InputSchema.(map[string]interface{}); ok {
 				schema = m
 			} else {
 				_ = json.Unmarshal(mustJSON(t.InputSchema), &schema)
 			}
 		}
 		desc := t.Description
 		shortDesc := desc
 		if t.Annotations != nil && t.Annotations.Title != "" {
 			shortDesc = t.Annotations.Title
 		}
 		out = append(out, Tool{
 			Name:             t.Name,
 			Description:      desc,
 			ShortDescription: shortDesc,
 			InputSchema:      schema,
 		})
 	}
 	return out
 }
 // sdkCallToolResultToOurs 将 SDK 的 *mcp.CallToolResult 转为我们的 *ToolResult
 func sdkCallToolResultToOurs(res *mcp.CallToolResult) *ToolResult {
 	if res == nil {
 		return &ToolResult{Content: []Content{}}
 	}
 	content := sdkContentToOurs(res.Content)
 	return &ToolResult{
 		Content: content,
 		IsError: res.IsError,
 	}
 }
 func sdkContentToOurs(list []mcp.Content) []Content {
 	if len(list) == 0 {
 		return nil
 	}
 	out := make([]Content, 0, len(list))
 	for _, c := range list {
 		switch v := c.(type) {
 		case *mcp.TextContent:
 			out = append(out, Content{Type: "text", Text: v.Text})
 		default:
 			out = append(out, Content{Type: "text", Text: fmt.Sprintf("%v", c)})
 		}
 	}
 	return out
 }
 func mustJSON(v interface{}) []byte {
 	b, _ := json.Marshal(v)
 	return b
 }
 // simpleHTTPClient 简单 JSON-RPC over HTTP：每次请求一次 POST、响应在 body。实现 ExternalMCPClient。
 // 用于自建 MCP（如 http://127.0.0.1:8081/mcp）或其它仅支持简单 POST 的端点。
 type simpleHTTPClient struct {
 	url    string
 	client *http.Client
 	logger *zap.Logger
 	mu     sync.RWMutex
 	status string
 }
 func newSimpleHTTPClient(ctx context.Context, url string, timeout time.Duration, headers map[string]string, logger *zap.Logger) (ExternalMCPClient, error) {
 	c := &simpleHTTPClient{
 		url:    url,
 		client: httpClientWithTimeoutAndHeaders(timeout, headers),
 		logger: logger,
 		status: "connecting",
 	}
 	if err := c.initialize(ctx); err != nil {
 		return nil, err
 	}
 	c.mu.Lock()
 	c.status = "connected"
 	c.mu.Unlock()
 	return c, nil
 }
 func (c *simpleHTTPClient) setStatus(s string) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	c.status = s
 }
 func (c *simpleHTTPClient) GetStatus() string {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 	return c.status
 }
 func (c *simpleHTTPClient) IsConnected() bool {
 	return c.GetStatus() == "connected"
 }
 func (c *simpleHTTPClient) Initialize(context.Context) error {
 	return nil // 已在 newSimpleHTTPClient 中完成
 }
 func (c *simpleHTTPClient) initialize(ctx context.Context) error {
 	params := InitializeRequest{
 		ProtocolVersion: ProtocolVersion,
 		Capabilities:    make(map[string]interface{}),
 		ClientInfo:      ClientInfo{Name: clientName, Version: clientVersion},
 	}
 	paramsJSON, _ := json.Marshal(params)
 	req := &Message{
 		ID:      MessageID{value: "1"},
 		Method:  "initialize",
 		Version: "2.0",
 		Params:  paramsJSON,
 	}
 	resp, err := c.sendRequest(ctx, req)
 	if err != nil {
 		return fmt.Errorf("initialize: %w", err)
 	}
 	if resp.Error != nil {
 		return fmt.Errorf("initialize: %s (code %d)", resp.Error.Message, resp.Error.Code)
 	}
 	// 发送 notifications/initialized（协议要求）
 	notify := &Message{
 		ID:      MessageID{value: nil},
 		Method:  "notifications/initialized",
 		Version: "2.0",
 		Params:  json.RawMessage("{}"),
 	}
 	_ = c.sendNotification(notify)
 	return nil
 }
 func (c *simpleHTTPClient) sendRequest(ctx context.Context, msg *Message) (*Message, error) {
 	body, err := json.Marshal(msg)
 	if err != nil {
 		return nil, err
 	}
 	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, c.url, bytes.NewReader(body))
 	if err != nil {
 		return nil, err
 	}
 	httpReq.Header.Set("Content-Type", "application/json")
 	resp, err := c.client.Do(httpReq)
 	if err != nil {
 		return nil, err
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode != http.StatusOK {
 		b, _ := io.ReadAll(resp.Body)
 		return nil, fmt.Errorf("HTTP %d: %s", resp.StatusCode, string(b))
 	}
 	var out Message
 	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
 		return nil, err
 	}
 	return &out, nil
 }
 func (c *simpleHTTPClient) sendNotification(msg *Message) error {
 	body, _ := json.Marshal(msg)
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	httpReq, _ := http.NewRequestWithContext(ctx, http.MethodPost, c.url, bytes.NewReader(body))
 	httpReq.Header.Set("Content-Type", "application/json")
 	resp, err := c.client.Do(httpReq)
 	if err != nil {
 		return err
 	}
 	resp.Body.Close()
 	return nil
 }
 func (c *simpleHTTPClient) ListTools(ctx context.Context) ([]Tool, error) {
 	req := &Message{
 		ID:      MessageID{value: uuid.New().String()},
 		Method:  "tools/list",
 		Version: "2.0",
 		Params:  json.RawMessage("{}"),
 	}
 	resp, err := c.sendRequest(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 	if resp.Error != nil {
 		return nil, fmt.Errorf("tools/list: %s (code %d)", resp.Error.Message, resp.Error.Code)
 	}
 	var listResp ListToolsResponse
 	if err := json.Unmarshal(resp.Result, &listResp); err != nil {
 		return nil, err
 	}
 	return listResp.Tools, nil
 }
 func (c *simpleHTTPClient) CallTool(ctx context.Context, name string, args map[string]interface{}) (*ToolResult, error) {
 	params := CallToolRequest{Name: name, Arguments: args}
 	paramsJSON, _ := json.Marshal(params)
 	req := &Message{
 		ID:      MessageID{value: uuid.New().String()},
 		Method:  "tools/call",
 		Version: "2.0",
 		Params:  paramsJSON,
 	}
 	resp, err := c.sendRequest(ctx, req)
 	if err != nil {
 		return nil, err
 	}
 	if resp.Error != nil {
 		return nil, fmt.Errorf("tools/call: %s (code %d)", resp.Error.Message, resp.Error.Code)
 	}
 	var callResp CallToolResponse
 	if err := json.Unmarshal(resp.Result, &callResp); err != nil {
 		return nil, err
 	}
 	return &ToolResult{Content: callResp.Content, IsError: callResp.IsError}, nil
 }
 func (c *simpleHTTPClient) Close() error {
 	c.setStatus("disconnected")
 	return nil
 }
 // createSDKClient 根据配置创建并连接外部 MCP 客户端（使用官方 SDK），返回实现 ExternalMCPClient 的 *sdkClient
 // 若连接失败返回 (nil, error)。ctx 用于连接超时与取消。
 func createSDKClient(ctx context.Context, serverCfg config.ExternalMCPServerConfig, logger *zap.Logger) (ExternalMCPClient, error) {
 	timeout := time.Duration(serverCfg.Timeout) * time.Second
 	if timeout <= 0 {
 		timeout = 30 * time.Second
 	}
 	transport := serverCfg.Transport
 	if transport == "" {
 		if serverCfg.Command != "" {
 			transport = "stdio"
 		} else if serverCfg.URL != "" {
 			transport = "http"
 		} else {
 			return nil, fmt.Errorf("配置缺少 command 或 url")
 		}
 	}
 	client := mcp.NewClient(&mcp.Implementation{
 		Name:    clientName,
 		Version: clientVersion,
 	}, nil)
 	var t mcp.Transport
 	switch transport {
 	case "stdio":
 		if serverCfg.Command == "" {
 			return nil, fmt.Errorf("stdio 模式需要配置 command")
 		}
 		// 必须用 exec.Command 而非 CommandContext：doConnect 返回后 ctx 会被 cancel，
 		// 若用 CommandContext(ctx) 会立刻杀掉子进程，导致 ListTools 等后续请求失败、显示 0 工具
 		cmd := exec.Command(serverCfg.Command, serverCfg.Args...)
 		if len(serverCfg.Env) > 0 {
 			cmd.Env = append(cmd.Env, envMapToSlice(serverCfg.Env)...)
 		}
 		t = &mcp.CommandTransport{Command: cmd}
 	case "sse":
 		if serverCfg.URL == "" {
 			return nil, fmt.Errorf("sse 模式需要配置 url")
 		}
 		httpClient := httpClientWithTimeoutAndHeaders(timeout, serverCfg.Headers)
 		t = &mcp.SSEClientTransport{
 			Endpoint:   serverCfg.URL,
 			HTTPClient: httpClient,
 		}
 	case "http":
 		if serverCfg.URL == "" {
 			return nil, fmt.Errorf("http 模式需要配置 url")
 		}
 		httpClient := httpClientWithTimeoutAndHeaders(timeout, serverCfg.Headers)
 		t = &mcp.StreamableClientTransport{
 			Endpoint:   serverCfg.URL,
 			HTTPClient: httpClient,
 		}
 	case "simple_http":
 		// 简单 JSON-RPC HTTP：每次请求一次 POST、响应在 body。用于自建 MCP 或兼容旧端点（如 http://127.0.0.1:8081/mcp）
 		if serverCfg.URL == "" {
 			return nil, fmt.Errorf("simple_http 模式需要配置 url")
 		}
 		return newSimpleHTTPClient(ctx, serverCfg.URL, timeout, serverCfg.Headers, logger)
 	default:
 		return nil, fmt.Errorf("不支持的传输模式: %s", transport)
 	}
 	session, err := client.Connect(ctx, t, nil)
 	if err != nil {
 		return nil, fmt.Errorf("连接失败: %w", err)
 	}
 	return newSDKClientFromSession(session, client, logger), nil
 }
 func envMapToSlice(env map[string]string) []string {
 	m := make(map[string]string)
 	for _, s := range os.Environ() {
 		if i := strings.IndexByte(s, '='); i > 0 {
 			m[s[:i]] = s[i+1:]
 		}
 	}
 	for k, v := range env {
 		m[k] = v
 	}
 	out := make([]string, 0, len(m))
 	for k, v := range m {
 		out = append(out, k+"="+v)
 	}
 	return out
 }
 func httpClientWithTimeoutAndHeaders(timeout time.Duration, headers map[string]string) *http.Client {
 	transport := http.DefaultTransport
 	if len(headers) > 0 {
 		transport = &headerRoundTripper{
 			headers: headers,
 			base:    http.DefaultTransport,
 		}
 	}
 	return &http.Client{
 		Timeout:   timeout,
 		Transport: transport,
 	}
 }
 type headerRoundTripper struct {
 	headers map[string]string
 	base    http.RoundTripper
 }
 func (h *headerRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 	for k, v := range h.headers {
 		req.Header.Set(k, v)
 	}
 	return h.base.RoundTrip(req)
 }
@@ -25,6 +25,8 @@ type ExternalMCPManager struct {
 	errors       map[string]string         // 错误信息
 	toolCounts   map[string]int            // 工具数量缓存
 	toolCountsMu sync.RWMutex              // 工具数量缓存的锁
 	toolCache    map[string][]Tool         // 工具列表缓存：MCP名称 -> 工具列表
 	toolCacheMu  sync.RWMutex              // 工具列表缓存的锁
 	stopRefresh  chan struct{}             // 停止后台刷新的信号
 	refreshWg    sync.WaitGroup            // 等待后台刷新goroutine完成
 	mu           sync.RWMutex
@@ -46,6 +48,7 @@ func NewExternalMCPManagerWithStorage(logger *zap.Logger, storage MonitorStorage
 		stats:       make(map[string]*ToolStats),
 		errors:      make(map[string]string),
 		toolCounts:  make(map[string]int),
 		toolCache:   make(map[string][]Tool),
 		stopRefresh: make(chan struct{}),
 	}
 	// 启动后台刷新工具数量的goroutine
@@ -119,6 +122,11 @@ func (m *ExternalMCPManager) RemoveConfig(name string) error {
 	delete(m.toolCounts, name)
 	m.toolCountsMu.Unlock()
 	// 清理工具列表缓存
 	m.toolCacheMu.Lock()
 	delete(m.toolCache, name)
 	m.toolCacheMu.Unlock()
 	return nil
 }
@@ -196,8 +204,15 @@ func (m *ExternalMCPManager) StartClient(name string) error {
 			m.mu.Lock()
 			delete(m.errors, name)
 			m.mu.Unlock()
-			// 连接成功，立即刷新工具数量
+			// 立即刷新工具数量和工具列表缓存
 			m.triggerToolCountRefresh()
 			m.refreshToolCache(name, client)
 			// 2 秒后再刷新一次，覆盖 SSE/Streamable 等需稍等就绪的远端
 			go func() {
 				time.Sleep(2 * time.Second)
 				m.triggerToolCountRefresh()
 				m.refreshToolCache(name, client)
 			}()
 		}
 	}()
@@ -253,6 +268,11 @@ func (m *ExternalMCPManager) GetError(name string) string {
 }
 // GetAllTools 获取所有外部MCP的工具
 // 优先从已连接的客户端获取，如果连接断开则返回缓存的工具列表
 // 策略：
 //   - error 状态：不使用缓存，直接跳过（配置错误或服务不可用）
 //   - disconnected/connecting 状态：使用缓存（临时断开）
 //   - connected 状态：正常获取，失败时降级使用缓存
 func (m *ExternalMCPManager) GetAllTools(ctx context.Context) ([]Tool, error) {
 	m.mu.RLock()
 	clients := make(map[string]ExternalMCPClient)
@@ -262,17 +282,21 @@ func (m *ExternalMCPManager) GetAllTools(ctx context.Context) ([]Tool, error) {
 	m.mu.RUnlock()
 	var allTools []Tool
-	for name, client := range clients {
+	var hasError bool
-		if !client.IsConnected() {
+	var lastError error
 			continue
 		}
-		tools, err := client.ListTools(ctx)
+	// 使用较短的超时时间进行快速检查（3秒），避免阻塞
 	quickCtx, quickCancel := context.WithTimeout(ctx, 3*time.Second)
 	defer quickCancel()
 	for name, client := range clients {
 		tools, err := m.getToolsForClient(name, client, quickCtx)
 		if err != nil {
-			m.logger.Warn("获取外部MCP工具列表失败",
+			// 记录错误，但继续处理其他客户端
-				zap.String("name", name),
+			hasError = true
-				zap.Error(err),
+			if lastError == nil {
-			)
+				lastError = err
 			}
 			continue
 		}
@@ -283,9 +307,97 @@ func (m *ExternalMCPManager) GetAllTools(ctx context.Context) ([]Tool, error) {
 		}
 	}
 	// 如果有错误但至少返回了一些工具，不返回错误（部分成功）
 	if hasError && len(allTools) == 0 {
 		return nil, fmt.Errorf("获取外部MCP工具失败: %w", lastError)
 	}
 	return allTools, nil
 }
 // getToolsForClient 获取指定客户端的工具列表
 // 返回工具列表和错误（如果完全无法获取）
 func (m *ExternalMCPManager) getToolsForClient(name string, client ExternalMCPClient, ctx context.Context) ([]Tool, error) {
 	status := client.GetStatus()
 	// error 状态：不使用缓存，直接返回错误
 	if status == "error" {
 		m.logger.Debug("跳过连接失败的外部MCP（不使用缓存）",
 			zap.String("name", name),
 			zap.String("status", status),
 		)
 		return nil, fmt.Errorf("外部MCP连接失败: %s", name)
 	}
 	// 已连接：尝试获取最新工具列表
 	if client.IsConnected() {
 		tools, err := client.ListTools(ctx)
 		if err != nil {
 			// 获取失败，尝试使用缓存
 			return m.getCachedTools(name, "连接正常但获取失败", err)
 		}
 		// 获取成功，更新缓存
 		m.updateToolCache(name, tools)
 		return tools, nil
 	}
 	// 未连接：根据状态决定是否使用缓存
 	if status == "disconnected" || status == "connecting" {
 		return m.getCachedTools(name, fmt.Sprintf("客户端临时断开（状态: %s）", status), nil)
 	}
 	// 其他未知状态，不使用缓存
 	m.logger.Debug("跳过外部MCP（未知状态）",
 		zap.String("name", name),
 		zap.String("status", status),
 	)
 	return nil, fmt.Errorf("外部MCP状态未知: %s (状态: %s)", name, status)
 }
 // getCachedTools 获取缓存的工具列表
 func (m *ExternalMCPManager) getCachedTools(name, reason string, originalErr error) ([]Tool, error) {
 	m.toolCacheMu.RLock()
 	cachedTools, hasCache := m.toolCache[name]
 	m.toolCacheMu.RUnlock()
 	if hasCache && len(cachedTools) > 0 {
 		m.logger.Debug("使用缓存的工具列表",
 			zap.String("name", name),
 			zap.String("reason", reason),
 			zap.Int("count", len(cachedTools)),
 			zap.Error(originalErr),
 		)
 		return cachedTools, nil
 	}
 	// 无缓存，返回错误
 	if originalErr != nil {
 		return nil, fmt.Errorf("获取外部MCP工具失败且无缓存: %w", originalErr)
 	}
 	return nil, fmt.Errorf("外部MCP无缓存工具: %s", name)
 }
 // updateToolCache 更新工具列表缓存
 func (m *ExternalMCPManager) updateToolCache(name string, tools []Tool) {
 	m.toolCacheMu.Lock()
 	m.toolCache[name] = tools
 	m.toolCacheMu.Unlock()
 	// 如果返回空列表，记录警告
 	if len(tools) == 0 {
 		m.logger.Warn("外部MCP返回空工具列表",
 			zap.String("name", name),
 			zap.String("hint", "服务可能暂时不可用，工具列表为空"),
 		)
 	} else {
 		m.logger.Debug("工具列表缓存已更新",
 			zap.String("name", name),
 			zap.Int("count", len(tools)),
 		)
 	}
 }
 // CallTool 调用外部MCP工具（返回执行ID）
 func (m *ExternalMCPManager) CallTool(ctx context.Context, toolName string, args map[string]interface{}) (*ToolResult, string, error) {
 	// 解析工具名称：name::toolName
@@ -302,8 +414,18 @@ func (m *ExternalMCPManager) CallTool(ctx context.Context, toolName string, args
 		return nil, "", fmt.Errorf("外部MCP客户端不存在: %s", mcpName)
 	}
 	// 检查连接状态，如果未连接或状态为error，不允许调用
 	if !client.IsConnected() {
-		return nil, "", fmt.Errorf("外部MCP客户端未连接: %s", mcpName)
+		status := client.GetStatus()
 		if status == "error" {
 			// 获取错误信息（如果有）
 			errorMsg := m.GetError(mcpName)
 			if errorMsg != "" {
 				return nil, "", fmt.Errorf("外部MCP连接失败: %s (错误: %s)", mcpName, errorMsg)
 			}
 			return nil, "", fmt.Errorf("外部MCP连接失败: %s", mcpName)
 		}
 		return nil, "", fmt.Errorf("外部MCP客户端未连接: %s (状态: %s)", mcpName, status)
 	}
 	// 创建执行记录
@@ -630,11 +752,20 @@ func (m *ExternalMCPManager) refreshToolCounts() {
 			cancel()
 			if err != nil {
-				m.logger.Debug("获取外部MCP工具数量失败",
+				errStr := err.Error()
-					zap.String("name", n),
+				// SSE 连接 EOF：远端可能关闭了流或未按规范在流上推送响应，仅首次用 Warn 提示
-					zap.Error(err),
+				if strings.Contains(errStr, "EOF") || strings.Contains(errStr, "client is closing") {
-				)
+					m.logger.Warn("获取外部MCP工具数量失败（SSE 流已关闭或服务端未在流上返回 tools/list 响应）",
-				// 如果获取失败，保留旧值（在更新时处理）
+						zap.String("name", n),
 						zap.String("hint", "若为 SSE 连接，请确认服务端保持 GET 流打开并按 MCP 规范以 event: message 推送 JSON-RPC 响应"),
 						zap.Error(err),
 					)
 				} else {
 					m.logger.Warn("获取外部MCP工具数量失败，请检查连接或服务端 tools/list",
 						zap.String("name", n),
 						zap.Error(err),
 					)
 				}
 				resultChan <- countResult{name: n, count: -1} // -1 表示使用旧值
 				return
 			}
@@ -680,6 +811,40 @@ func (m *ExternalMCPManager) refreshToolCounts() {
 	m.toolCountsMu.Unlock()
 }
 // refreshToolCache 刷新指定MCP的工具列表缓存
 func (m *ExternalMCPManager) refreshToolCache(name string, client ExternalMCPClient) {
 	if !client.IsConnected() {
 		return
 	}
 	// 检查状态，如果是error状态，不更新缓存
 	status := client.GetStatus()
 	if status == "error" {
 		m.logger.Debug("跳过刷新工具列表缓存（连接失败）",
 			zap.String("name", name),
 			zap.String("status", status),
 		)
 		return
 	}
 	// 使用较短的超时时间（5秒）
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	tools, err := client.ListTools(ctx)
 	if err != nil {
 		m.logger.Debug("刷新工具列表缓存失败",
 			zap.String("name", name),
 			zap.Error(err),
 		)
 		// 刷新失败时不更新缓存，保留旧缓存（如果有）
 		return
 	}
 	// 使用统一的缓存更新方法
 	m.updateToolCache(name, tools)
 }
 // startToolCountRefresh 启动后台刷新工具数量的goroutine
 func (m *ExternalMCPManager) startToolCountRefresh() {
 	m.refreshWg.Add(1)
@@ -707,21 +872,13 @@ func (m *ExternalMCPManager) triggerToolCountRefresh() {
 	go m.refreshToolCounts()
 }
-// createClient 创建客户端（不连接）
+// createClient 创建客户端（不连接）。统一使用官方 MCP Go SDK 的 lazy 客户端，连接在 Initialize 时完成。
 func (m *ExternalMCPManager) createClient(serverCfg config.ExternalMCPServerConfig) ExternalMCPClient {
 	timeout := time.Duration(serverCfg.Timeout) * time.Second
 	if timeout <= 0 {
 		timeout = 30 * time.Second
 	}
 	// 根据传输模式创建客户端
 	transport := serverCfg.Transport
 	if transport == "" {
 		// 如果没有指定transport，根据是否有command或url判断
 		if serverCfg.Command != "" {
 			transport = "stdio"
 		} else if serverCfg.URL != "" {
 			// 默认使用http，但可以通过transport字段指定sse
 			transport = "http"
 		} else {
 			return nil
@@ -733,17 +890,23 @@ func (m *ExternalMCPManager) createClient(serverCfg config.ExternalMCPServerConf
 		if serverCfg.URL == "" {
 			return nil
 		}
-		return NewHTTPMCPClient(serverCfg.URL, timeout, m.logger)
+		return newLazySDKClient(serverCfg, m.logger)
 	case "simple_http":
 		// 简单 HTTP（一次 POST 一次响应），用于自建 MCP 等
 		if serverCfg.URL == "" {
 			return nil
 		}
 		return newLazySDKClient(serverCfg, m.logger)
 	case "stdio":
 		if serverCfg.Command == "" {
 			return nil
 		}
-		return NewStdioMCPClient(serverCfg.Command, serverCfg.Args, serverCfg.Env, timeout, m.logger)
+		return newLazySDKClient(serverCfg, m.logger)
 	case "sse":
 		if serverCfg.URL == "" {
 			return nil
 		}
-		return NewSSEMCPClient(serverCfg.URL, timeout, m.logger)
+		return newLazySDKClient(serverCfg, m.logger)
 	default:
 		return nil
 	}
@@ -773,12 +936,7 @@ func (m *ExternalMCPManager) doConnect(name string, serverCfg config.ExternalMCP
 // setClientStatus 设置客户端状态（通过类型断言）
 func (m *ExternalMCPManager) setClientStatus(client ExternalMCPClient, status string) {
-	switch c := client.(type) {
+	if c, ok := client.(*lazySDKClient); ok {
 	case *HTTPMCPClient:
 		c.setStatus(status)
 	case *StdioMCPClient:
 		c.setStatus(status)
 	case *SSEMCPClient:
 		c.setStatus(status)
 	}
 }
@@ -819,8 +977,13 @@ func (m *ExternalMCPManager) connectClient(name string, serverCfg config.Externa
 		zap.String("name", name),
 	)
-	// 连接成功，触发工具数量刷新
+	// 连接成功，触发工具数量刷新和工具列表缓存刷新
 	m.triggerToolCountRefresh()
 	m.mu.RLock()
 	if client, exists := m.clients[name]; exists {
 		m.refreshToolCache(name, client)
 	}
 	m.mu.RUnlock()
 	return nil
 }
@@ -926,6 +1089,11 @@ func (m *ExternalMCPManager) StopAll() {
 	m.toolCounts = make(map[string]int)
 	m.toolCountsMu.Unlock()
 	// 清理所有工具列表缓存
 	m.toolCacheMu.Lock()
 	m.toolCache = make(map[string][]Tool)
 	m.toolCacheMu.Unlock()
 	// 停止后台刷新（使用 select 避免重复关闭 channel）
 	select {
 	case <-m.stopRefresh:
@@ -151,48 +151,26 @@ func TestExternalMCPManager_LoadConfigs(t *testing.T) {
 	}
 }
-func TestHTTPMCPClient_Initialize(t *testing.T) {
+// TestLazySDKClient_InitializeFails 验证无效配置时 SDK 客户端 Initialize 失败并设置 error 状态
-	// 注意：这个测试需要一个真实的HTTP MCP服务器
+func TestLazySDKClient_InitializeFails(t *testing.T) {
 	// 如果没有服务器，这个测试会失败
 	// 在实际测试中，可以使用mock服务器
 	logger := zap.NewNop()
-	client := NewHTTPMCPClient("http://127.0.0.1:8081/mcp", 5*time.Second, logger)
+	// 使用不存在的 HTTP 地址，Initialize 应失败
-
+	cfg := config.ExternalMCPServerConfig{
 		Transport: "http",
 		URL:       "http://127.0.0.1:19999/nonexistent",
 		Timeout:   2,
 	}
 	c := newLazySDKClient(cfg, logger)
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
-
+	err := c.Initialize(ctx)
-	// 这个测试可能会失败，如果没有真实的服务器
+	if err == nil {
-	// 在实际环境中，应该使用mock服务器
+		t.Fatal("expected error when connecting to invalid server")
 	err := client.Initialize(ctx)
 	if err != nil {
 		t.Logf("初始化失败（可能是没有服务器）: %v", err)
 	}
-
+	if c.GetStatus() != "error" {
-	status := client.GetStatus()
+		t.Errorf("expected status error, got %s", c.GetStatus())
 	if status == "" {
 		t.Error("状态不应该为空")
 	}
-
+	c.Close()
 	client.Close()
 }
 func TestStdioMCPClient_Initialize(t *testing.T) {
 	// 注意：这个测试需要一个真实的stdio MCP服务器
 	// 如果没有服务器，这个测试会失败
 	logger := zap.NewNop()
 	client := NewStdioMCPClient("echo", []string{"test"}, nil, 5*time.Second, logger)
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	// 这个测试可能会失败，因为echo不是MCP服务器
 	// 在实际环境中，应该使用真实的MCP服务器或mock
 	err := client.Initialize(ctx)
 	if err != nil {
 		t.Logf("初始化失败（echo不是MCP服务器）: %v", err)
 	}
 	client.Close()
 }
 func TestExternalMCPManager_StartStopClient(t *testing.T) {
@@ -1,6 +1,7 @@
 package mcp
 import (
 	"bufio"
 	"context"
 	"encoding/json"
 	"fmt"
@@ -125,6 +126,13 @@ func (s *Server) HandleHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// 官方 MCP SSE 规范：带 sessionid 的 POST 表示消息发往该 SSE 会话，响应通过 SSE 流返回
 	if sessionID := r.URL.Query().Get("sessionid"); sessionID != "" {
 		s.serveSSESessionMessage(w, r, sessionID)
 		return
 	}
 	// 简单 POST：请求体为 JSON-RPC，响应在 body 中返回
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		s.sendError(w, nil, -32700, "Parse error", err.Error())
@@ -137,14 +145,56 @@ func (s *Server) HandleHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// 处理消息
 	response := s.handleMessage(&msg)
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(response)
 }
-// handleSSE 处理SSE连接（用于MCP HTTP传输的事件通道）
+// serveSSESessionMessage 处理发往 SSE 会话的 POST：读取 JSON-RPC 请求，处理后将响应通过该会话的 SSE 流推送
 func (s *Server) serveSSESessionMessage(w http.ResponseWriter, r *http.Request, sessionID string) {
 	s.mu.RLock()
 	client, exists := s.sseClients[sessionID]
 	s.mu.RUnlock()
 	if !exists || client == nil {
 		http.Error(w, "session not found", http.StatusNotFound)
 		return
 	}
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		http.Error(w, "failed to read body", http.StatusBadRequest)
 		return
 	}
 	var msg Message
 	if err := json.Unmarshal(body, &msg); err != nil {
 		http.Error(w, "failed to parse body", http.StatusBadRequest)
 		return
 	}
 	response := s.handleMessage(&msg)
 	if response == nil {
 		w.WriteHeader(http.StatusAccepted)
 		return
 	}
 	respBytes, err := json.Marshal(response)
 	if err != nil {
 		http.Error(w, "failed to encode response", http.StatusInternalServerError)
 		return
 	}
 	select {
 	case client.send <- respBytes:
 		w.WriteHeader(http.StatusAccepted)
 	default:
 		http.Error(w, "session send buffer full", http.StatusServiceUnavailable)
 	}
 }
 // handleSSE 处理 SSE 连接，兼容官方 MCP 2024-11-05 SSE 规范：
 // 1. 首个事件必须为 event: endpoint，data 为客户端 POST 消息的 URL（含 sessionid）
 // 2. 后续事件为 event: message，data 为 JSON-RPC 响应
 func (s *Server) handleSSE(w http.ResponseWriter, r *http.Request) {
 	flusher, ok := w.(http.Flusher)
 	if !ok {
@@ -157,16 +207,25 @@ func (s *Server) handleSSE(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Connection", "keep-alive")
 	w.Header().Set("X-Accel-Buffering", "no")
 	sessionID := uuid.New().String()
 	client := &sseClient{
-		id:   uuid.New().String(),
+		id:   sessionID,
-		send: make(chan []byte, 8),
+		send: make(chan []byte, 32),
 	}
 	s.addSSEClient(client)
 	defer s.removeSSEClient(client.id)
-	// 发送初始ready事件，告知客户端连接成功
+	// 官方规范：首个事件为 endpoint，data 为消息端点 URL（客户端将向该 URL POST 请求）
-	fmt.Fprintf(w, "event: message\ndata: {\"type\":\"ready\",\"status\":\"ok\"}\n\n")
+	scheme := "http"
 	if r.TLS != nil {
 		scheme = "https"
 	}
 	if r.URL.Scheme != "" {
 		scheme = r.URL.Scheme
 	}
 	endpointURL := fmt.Sprintf("%s://%s%s?sessionid=%s", scheme, r.Host, r.URL.Path, sessionID)
 	fmt.Fprintf(w, "event: endpoint\ndata: %s\n\n", endpointURL)
 	flusher.Flush()
 	ticker := time.NewTicker(15 * time.Second)
@@ -183,7 +242,6 @@ func (s *Server) handleSSE(w http.ResponseWriter, r *http.Request) {
 			fmt.Fprintf(w, "event: message\ndata: %s\n\n", msg)
 			flusher.Flush()
 		case <-ticker.C:
 			// 心跳保持连接
 			fmt.Fprintf(w, ": ping\n\n")
 			flusher.Flush()
 		}
@@ -311,6 +369,7 @@ func (s *Server) handleListTools(msg *Message) *Message {
 		tools = append(tools, tool)
 	}
 	s.mu.RUnlock()
 	s.logger.Debug("tools/list 请求", zap.Int("返回工具数", len(tools)))
 	response := ListToolsResponse{Tools: tools}
 	result, _ := json.Marshal(response)
@@ -1110,10 +1169,11 @@ func (s *Server) RegisterResource(resource *Resource) {
 }
 // HandleStdio 处理标准输入输出（用于 stdio 传输模式）
-// MCP 协议使用换行分隔的 JSON-RPC 消息
+// MCP 协议使用换行分隔的 JSON-RPC 消息；管道下需每次写入后 Flush，否则客户端会读不到响应
 func (s *Server) HandleStdio() error {
 	decoder := json.NewDecoder(os.Stdin)
-	encoder := json.NewEncoder(os.Stdout)
+	stdout := bufio.NewWriter(os.Stdout)
 	encoder := json.NewEncoder(stdout)
 	// 注意：不设置缩进，MCP 协议期望紧凑的 JSON 格式
 	for {
@@ -1134,6 +1194,9 @@ func (s *Server) HandleStdio() error {
 			if err := encoder.Encode(errorMsg); err != nil {
 				return fmt.Errorf("发送错误响应失败: %w", err)
 			}
 			if err := stdout.Flush(); err != nil {
 				return fmt.Errorf("刷新 stdout 失败: %w", err)
 			}
 			continue
 		}
@@ -1149,6 +1212,9 @@ func (s *Server) HandleStdio() error {
 		if err := encoder.Encode(response); err != nil {
 			return fmt.Errorf("发送响应失败: %w", err)
 		}
 		if err := stdout.Flush(); err != nil {
 			return fmt.Errorf("刷新 stdout 失败: %w", err)
 		}
 	}
 	return nil
@@ -1,11 +1,22 @@
 package mcp
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"time"
 )
 // ExternalMCPClient 外部 MCP 客户端接口（由 client_sdk.go 基于官方 SDK 实现）
 type ExternalMCPClient interface {
 	Initialize(ctx context.Context) error
 	ListTools(ctx context.Context) ([]Tool, error)
 	CallTool(ctx context.Context, name string, args map[string]interface{}) (*ToolResult, error)
 	Close() error
 	IsConnected() bool
 	GetStatus() string
 }
 // MCP消息类型
 const (
 	MessageTypeRequest  = "request"
@@ -29,21 +40,21 @@ func (m *MessageID) UnmarshalJSON(data []byte) error {
 		m.value = nil
 		return nil
 	}
-	
+
 	// 尝试解析为字符串
 	var str string
 	if err := json.Unmarshal(data, &str); err == nil {
 		m.value = str
 		return nil
 	}
-	
+
 	// 尝试解析为数字
 	var num json.Number
 	if err := json.Unmarshal(data, &num); err == nil {
 		m.value = num
 		return nil
 	}
-	
+
 	return fmt.Errorf("invalid id type")
 }
@@ -81,15 +92,15 @@ type Message struct {
 // Error 表示MCP错误
 type Error struct {
-	Code    int    `json:"code"`
+	Code    int         `json:"code"`
-	Message string `json:"message"`
+	Message string      `json:"message"`
 	Data    interface{} `json:"data,omitempty"`
 }
 // Tool 表示MCP工具定义
 type Tool struct {
 	Name             string                 `json:"name"`
-	Description      string                 `json:"description"`      // 详细描述
+	Description      string                 `json:"description"`                // 详细描述
 	ShortDescription string                 `json:"shortDescription,omitempty"` // 简短描述（用于工具列表，减少token消耗）
 	InputSchema      map[string]interface{} `json:"inputSchema"`
 }
@@ -127,9 +138,9 @@ type ClientInfo struct {
 // InitializeResponse 初始化响应
 type InitializeResponse struct {
-	ProtocolVersion string                 `json:"protocolVersion"`
+	ProtocolVersion string             `json:"protocolVersion"`
-	Capabilities    ServerCapabilities     `json:"capabilities"`
+	Capabilities    ServerCapabilities `json:"capabilities"`
-	ServerInfo      ServerInfo             `json:"serverInfo"`
+	ServerInfo      ServerInfo         `json:"serverInfo"`
 }
 // ServerCapabilities 服务器能力
@@ -178,31 +189,31 @@ type CallToolResponse struct {
 // ToolExecution 工具执行记录
 type ToolExecution struct {
-	ID          string                 `json:"id"`
+	ID        string                 `json:"id"`
-	ToolName    string                 `json:"toolName"`
+	ToolName  string                 `json:"toolName"`
-	Arguments   map[string]interface{} `json:"arguments"`
+	Arguments map[string]interface{} `json:"arguments"`
-	Status      string                 `json:"status"` // pending, running, completed, failed
+	Status    string                 `json:"status"` // pending, running, completed, failed
-	Result      *ToolResult            `json:"result,omitempty"`
+	Result    *ToolResult            `json:"result,omitempty"`
-	Error       string                 `json:"error,omitempty"`
+	Error     string                 `json:"error,omitempty"`
-	StartTime   time.Time              `json:"startTime"`
+	StartTime time.Time              `json:"startTime"`
-	EndTime     *time.Time             `json:"endTime,omitempty"`
+	EndTime   *time.Time             `json:"endTime,omitempty"`
-	Duration    time.Duration          `json:"duration,omitempty"`
+	Duration  time.Duration          `json:"duration,omitempty"`
 }
 // ToolStats 工具统计信息
 type ToolStats struct {
-	ToolName     string `json:"toolName"`
+	ToolName     string     `json:"toolName"`
-	TotalCalls   int    `json:"totalCalls"`
+	TotalCalls   int        `json:"totalCalls"`
-	SuccessCalls int    `json:"successCalls"`
+	SuccessCalls int        `json:"successCalls"`
-	FailedCalls  int    `json:"failedCalls"`
+	FailedCalls  int        `json:"failedCalls"`
 	LastCallTime *time.Time `json:"lastCallTime,omitempty"`
 }
 // Prompt 提示词模板
 type Prompt struct {
-	Name        string                 `json:"name"`
+	Name        string           `json:"name"`
-	Description string                 `json:"description,omitempty"`
+	Description string           `json:"description,omitempty"`
-	Arguments   []PromptArgument       `json:"arguments,omitempty"`
+	Arguments   []PromptArgument `json:"arguments,omitempty"`
 }
 // PromptArgument 提示词参数
@@ -257,11 +268,11 @@ type ResourceContent struct {
 // SamplingRequest 采样请求
 type SamplingRequest struct {
-	Messages []SamplingMessage `json:"messages"`
+	Messages    []SamplingMessage `json:"messages"`
-	Model    string            `json:"model,omitempty"`
+	Model       string            `json:"model,omitempty"`
-	MaxTokens int              `json:"maxTokens,omitempty"`
+	MaxTokens   int               `json:"maxTokens,omitempty"`
-	Temperature float64        `json:"temperature,omitempty"`
+	Temperature float64           `json:"temperature,omitempty"`
-	TopP       float64         `json:"topP,omitempty"`
+	TopP        float64           `json:"topP,omitempty"`
 }
 // SamplingMessage 采样消息
@@ -272,9 +283,9 @@ type SamplingMessage struct {
 // SamplingResponse 采样响应
 type SamplingResponse struct {
-	Content []SamplingContent `json:"content"`
+	Content    []SamplingContent `json:"content"`
-	Model   string            `json:"model,omitempty"`
+	Model      string            `json:"model,omitempty"`
-	StopReason string         `json:"stopReason,omitempty"`
+	StopReason string            `json:"stopReason,omitempty"`
 }
 // SamplingContent 采样内容
@@ -282,4 +293,3 @@ type SamplingContent struct {
 	Type string `json:"type"`
 	Text string `json:"text,omitempty"`
 }
@@ -224,22 +224,25 @@ func (e *Executor) RegisterTools(mcpServer *mcp.Server) {
 		toolName := toolConfig.Name
 		toolConfigCopy := toolConfig
-		// 使用简短描述（如果存在），否则使用详细描述的前100个字符
+		// 根据配置决定暴露给 AI/API 的描述：short_description 或 description
 		useFullDescription := strings.TrimSpace(strings.ToLower(e.config.ToolDescriptionMode)) == "full"
 		shortDesc := toolConfigCopy.ShortDescription
 		if shortDesc == "" {
-			// 如果没有简短描述，从详细描述中提取第一行或前100个字符
+			// 如果没有简短描述，从详细描述中提取第一行或前10000个字符
 			desc := toolConfigCopy.Description
-			if len(desc) > 100 {
+			if len(desc) > 10000 {
-				// 尝试找到第一个换行符
+				if idx := strings.Index(desc, "\n"); idx > 0 && idx < 10000 {
 				if idx := strings.Index(desc, "\n"); idx > 0 && idx < 100 {
 					shortDesc = strings.TrimSpace(desc[:idx])
 				} else {
-					shortDesc = desc[:100] + "..."
+					shortDesc = desc[:10000] + "..."
 				}
 			} else {
 				shortDesc = desc
 			}
 		}
 		if useFullDescription {
 			shortDesc = "" // 使用 description 时清空 ShortDescription，下游会回退到 Description
 		}
 		tool := mcp.Tool{
 			Name:             toolConfigCopy.Name,
@@ -303,7 +306,23 @@ func (e *Executor) buildCommandArgs(toolName string, toolConfig *config.ToolConf
 			}
 		}
-		// 先处理标志参数（对于大多数命令，标志应该在位置参数之前）
+		// 对于需要子命令的工具（如 gobuster dir），position 0 必须紧跟在命令名后、所有 flag 之前
 		for _, param := range positionalParams {
 			if param.Name == "additional_args" || param.Name == "scan_type" || param.Name == "action" {
 				continue
 			}
 			if param.Position != nil && *param.Position == 0 {
 				value := e.getParamValue(args, param)
 				if value == nil && param.Default != nil {
 					value = param.Default
 				}
 				if value != nil {
 					cmdArgs = append(cmdArgs, e.formatParamValue(param, value))
 				}
 				break
 			}
 		}
 		// 处理标志参数
 		for _, param := range flagParams {
 			// 跳过特殊参数，它们会在后面单独处理
@@ -416,7 +435,11 @@ func (e *Executor) buildCommandArgs(toolName string, toolConfig *config.ToolConf
 		}
 		// 按位置顺序处理参数，确保即使某些位置没有参数或使用默认值，也能正确传递
 		// position 0 已在前面插入（子命令优先），此处从 1 开始
 		for i := 0; i <= maxPosition; i++ {
 			if i == 0 {
 				continue
 			}
 			for _, param := range positionalParams {
 				// 跳过特殊参数，它们会在后面单独处理
 				// action 参数仅用于工具内部逻辑，不传递给命令
@@ -1190,7 +1213,15 @@ func (e *Executor) buildInputSchema(toolConfig *config.ToolConfig) map[string]in
 		required := []string{}
 		for _, param := range toolConfig.Parameters {
-			// 转换类型为OpenAI/JSON Schema标准类型
+			// 跳过 name 为空的参数（避免 YAML 中 name: null 或空导致非法 schema）
 			if strings.TrimSpace(param.Name) == "" {
 				e.logger.Debug("跳过无名称的参数",
 					zap.String("tool", toolConfig.Name),
 					zap.String("type", param.Type),
 				)
 				continue
 			}
 			// 转换类型为OpenAI/JSON Schema标准类型（空类型默认为 string）
 			openAIType := e.convertToOpenAIType(param.Type)
 			prop := map[string]interface{}{
@@ -1232,6 +1263,10 @@ func (e *Executor) buildInputSchema(toolConfig *config.ToolConfig) map[string]in
 // convertToOpenAIType 将配置中的类型转换为OpenAI/JSON Schema标准类型
 func (e *Executor) convertToOpenAIType(configType string) string {
 	// 空或 null 类型统一视为 string，避免非法 schema 导致工具调用失败
 	if strings.TrimSpace(configType) == "" {
 		return "string"
 	}
 	switch configType {
 	case "bool":
 		return "boolean"
@@ -12,3 +12,6 @@ uro>=1.0.2
 bloodhound>=1.6.1
 impacket>=0.11.0
 # MCP (Model Context Protocol) SDK
 mcp>=1.0.0
@@ -407,7 +407,7 @@ go run cmd/test-config/main.go
 ### Q: 参数顺序如何控制？
-A: 使用 `position` 字段控制位置参数的顺序。标志参数会按照在 `parameters` 列表中的顺序添加。`additional_args` 会追加到命令末尾。
+A: 使用 `position` 字段控制位置参数的顺序。**位置 0 的参数（如 gobuster 的 `dir` 子命令）会紧跟在命令名后、所有标志参数之前**，以便兼容需要“子命令 + 选项”形式的 CLI。其余标志参数按在 `parameters` 列表中的顺序添加，再按 position 1、2… 添加其余位置参数。`additional_args` 会追加到命令末尾。
 ## 工具配置模板
@@ -1,52 +0,0 @@
 name: "list-files"
 command: "ls"
 enabled: true
 short_description: "列出目录文件工具"
 description: |
  列出服务器上指定目录中的文件。
  **主要功能：**
  - 列出文件
  - 显示详细信息
  - 递归列出
  **使用场景：**
  - 目录浏览
  - 文件查找
  - 系统检查
 parameters:
  - name: "directory"
    type: "string"
    description: "要列出的目录（相对于服务器基础目录）"
    required: false
    default: "."
    position: 0
    format: "positional"
  - name: "long_format"
    type: "bool"
    description: "显示详细信息（长格式）"
    required: false
    flag: "-l"
    format: "flag"
    default: false
  - name: "recursive"
    type: "bool"
    description: "递归列出"
    required: false
    flag: "-R"
    format: "flag"
    default: false
  - name: "additional_args"
    type: "string"
    description: |
      额外的list-files参数。用于传递未在参数列表中定义的list-files选项。
      **示例值：**
      - 根据工具特性添加常用参数示例
      **注意事项：**
      - 多个参数用空格分隔
      - 确保参数格式正确，避免命令注入
      - 此参数会直接追加到命令末尾
    required: false
    format: "positional"
@@ -519,14 +519,18 @@ function renderTestSection(endpoint) {
                        </svg>
                        发送请求
                    </button>
-                    <button class="api-test-btn secondary" onclick="copyCurlCommand(event, '${method}', '${escapeHtml(path)}')" title="复制curl命令">
+                    <button class="api-test-btn copy-curl" onclick="copyCurlCommand(event, '${method}', '${escapeHtml(path)}')" title="复制curl命令">
                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                            <rect x="9" y="9" width="13" height="13" rx="2" ry="2" stroke="currentColor" stroke-width="2"/>
                            <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1" stroke="currentColor" stroke-width="2"/>
                        </svg>
                        复制curl
                    </button>
-                    <button class="api-test-btn secondary" onclick="clearTestResult('${escapeId(path)}-${method}')">
+                    <button class="api-test-btn clear-result" onclick="clearTestResult('${escapeId(path)}-${method}')" title="清除测试结果">
                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                            <polyline points="3 6 5 6 21 6"/>
                            <path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"/>
                        </svg>
                        清除结果
                    </button>
                </div>
@@ -4994,9 +4994,25 @@ function closeBatchManageModal() {
 function showCreateGroupModal(andMoveConversation = false) {
    const modal = document.getElementById('create-group-modal');
    const input = document.getElementById('create-group-name-input');
    const iconBtn = document.getElementById('create-group-icon-btn');
    const iconPicker = document.getElementById('group-icon-picker');
    const customInput = document.getElementById('custom-icon-input');
    if (input) {
        input.value = '';
    }
    // 重置图标为默认值
    if (iconBtn) {
        iconBtn.textContent = '📁';
    }
    // 清空自定义图标输入框
    if (customInput) {
        customInput.value = '';
    }
    // 关闭图标选择器
    if (iconPicker) {
        iconPicker.style.display = 'none';
    }
    if (modal) {
        modal.style.display = 'flex';
        modal.dataset.moveConversation = andMoveConversation ? 'true' : 'false';
@@ -5016,6 +5032,21 @@ function closeCreateGroupModal() {
    if (input) {
        input.value = '';
    }
    // 重置图标为默认值
    const iconBtn = document.getElementById('create-group-icon-btn');
    if (iconBtn) {
        iconBtn.textContent = '📁';
    }
    // 清空自定义图标输入框
    const customInput = document.getElementById('custom-icon-input');
    if (customInput) {
        customInput.value = '';
    }
    // 关闭图标选择器
    const iconPicker = document.getElementById('group-icon-picker');
    if (iconPicker) {
        iconPicker.style.display = 'none';
    }
 }
 // 选择建议标签
@@ -5027,6 +5058,81 @@ function selectSuggestion(name) {
    }
 }
 // 切换图标选择器显示状态
 function toggleGroupIconPicker() {
    const picker = document.getElementById('group-icon-picker');
    if (picker) {
        const isVisible = picker.style.display !== 'none';
        picker.style.display = isVisible ? 'none' : 'block';
    }
 }
 // 选择分组图标
 function selectGroupIcon(icon) {
    const iconBtn = document.getElementById('create-group-icon-btn');
    if (iconBtn) {
        iconBtn.textContent = icon;
    }
    // 清空自定义输入框
    const customInput = document.getElementById('custom-icon-input');
    if (customInput) {
        customInput.value = '';
    }
    // 关闭选择器
    const picker = document.getElementById('group-icon-picker');
    if (picker) {
        picker.style.display = 'none';
    }
 }
 // 应用自定义图标
 function applyCustomIcon() {
    const customInput = document.getElementById('custom-icon-input');
    if (!customInput) return;
    const customIcon = customInput.value.trim();
    if (!customIcon) {
        return;
    }
    const iconBtn = document.getElementById('create-group-icon-btn');
    if (iconBtn) {
        iconBtn.textContent = customIcon;
    }
    // 清空输入框并关闭选择器
    customInput.value = '';
    const picker = document.getElementById('group-icon-picker');
    if (picker) {
        picker.style.display = 'none';
    }
 }
 // 自定义图标输入框回车键处理
 document.addEventListener('DOMContentLoaded', function() {
    const customInput = document.getElementById('custom-icon-input');
    if (customInput) {
        customInput.addEventListener('keydown', function(e) {
            if (e.key === 'Enter') {
                e.preventDefault();
                applyCustomIcon();
            }
        });
    }
 });
 // 点击外部关闭图标选择器
 document.addEventListener('click', function(event) {
    const picker = document.getElementById('group-icon-picker');
    const iconBtn = document.getElementById('create-group-icon-btn');
    if (picker && iconBtn) {
        // 如果点击的不是图标按钮和选择器本身，则关闭选择器
        if (!picker.contains(event.target) && !iconBtn.contains(event.target)) {
            picker.style.display = 'none';
        }
    }
 });
 // 创建分组
 async function createGroup(event) {
    // 阻止事件冒泡
@@ -5071,6 +5177,10 @@ async function createGroup(event) {
        console.error('检查分组名称失败:', error);
    }
    // 获取选中的图标
    const iconBtn = document.getElementById('create-group-icon-btn');
    const selectedIcon = iconBtn ? iconBtn.textContent.trim() : '📁';
    try {
        const response = await apiFetch('/api/groups', {
            method: 'POST',
@@ -5079,7 +5189,7 @@ async function createGroup(event) {
            },
            body: JSON.stringify({
                name: name,
-                icon: '📁',
+                icon: selectedIcon,
            }),
        });
@@ -0,0 +1,350 @@
 // 仪表盘页面：拉取运行中任务、漏洞统计、批量任务、工具与 Skills 统计并渲染
 async function refreshDashboard() {
    const runningEl = document.getElementById('dashboard-running-tasks');
    const vulnTotalEl = document.getElementById('dashboard-vuln-total');
    const severityIds = ['critical', 'high', 'medium', 'low', 'info'];
    if (runningEl) runningEl.textContent = '…';
    if (vulnTotalEl) vulnTotalEl.textContent = '…';
    severityIds.forEach(s => {
        const el = document.getElementById('dashboard-severity-' + s);
        if (el) el.textContent = '0';
        const barEl = document.getElementById('dashboard-bar-' + s);
        if (barEl) barEl.style.width = '0%';
    });
    setDashboardOverviewPlaceholder('…');
    setEl('dashboard-kpi-tools-calls', '…');
    setEl('dashboard-kpi-success-rate', '…');
    var chartPlaceholder = document.getElementById('dashboard-tools-pie-placeholder');
    if (chartPlaceholder) { chartPlaceholder.style.removeProperty('display'); chartPlaceholder.textContent = '加载中…'; }
    var barChartEl = document.getElementById('dashboard-tools-bar-chart');
    if (barChartEl) { barChartEl.style.display = 'none'; barChartEl.innerHTML = ''; }
    if (typeof apiFetch === 'undefined') {
        if (runningEl) runningEl.textContent = '-';
        if (vulnTotalEl) vulnTotalEl.textContent = '-';
        setDashboardOverviewPlaceholder('-');
        return;
    }
    try {
        const [tasksRes, vulnRes, batchRes, monitorRes, knowledgeRes, skillsRes] = await Promise.all([
            apiFetch('/api/agent-loop/tasks').then(r => r.ok ? r.json() : null).catch(() => null),
            apiFetch('/api/vulnerabilities/stats').then(r => r.ok ? r.json() : null).catch(() => null),
            apiFetch('/api/batch-tasks?limit=500&page=1').then(r => r.ok ? r.json() : null).catch(() => null),
            apiFetch('/api/monitor/stats').then(r => r.ok ? r.json() : null).catch(() => null),
            apiFetch('/api/knowledge/stats').then(r => r.ok ? r.json() : null).catch(() => null),
            apiFetch('/api/skills/stats').then(r => r.ok ? r.json() : null).catch(() => null)
        ]);
        if (tasksRes && Array.isArray(tasksRes.tasks)) {
            if (runningEl) runningEl.textContent = String(tasksRes.tasks.length);
        } else {
            if (runningEl) runningEl.textContent = '-';
        }
        if (vulnRes && typeof vulnRes.total === 'number') {
            if (vulnTotalEl) vulnTotalEl.textContent = String(vulnRes.total);
            const bySeverity = vulnRes.by_severity || {};
            const total = vulnRes.total || 0;
            severityIds.forEach(sev => {
                const count = bySeverity[sev] || 0;
                const el = document.getElementById('dashboard-severity-' + sev);
                if (el) el.textContent = String(count);
                const barEl = document.getElementById('dashboard-bar-' + sev);
                if (barEl) barEl.style.width = total > 0 ? (count / total * 100) + '%' : '0%';
            });
        } else {
            if (vulnTotalEl) vulnTotalEl.textContent = '-';
            severityIds.forEach(sev => {
                const barEl = document.getElementById('dashboard-bar-' + sev);
                if (barEl) barEl.style.width = '0%';
            });
        }
        // 批量任务队列：按状态统计（优化版）
        if (batchRes && Array.isArray(batchRes.queues)) {
            const queues = batchRes.queues;
            let pending = 0, running = 0, done = 0;
            queues.forEach(q => {
                const s = (q.status || '').toLowerCase();
                if (s === 'pending' || s === 'paused') pending++;
                else if (s === 'running') running++;
                else if (s === 'completed' || s === 'cancelled') done++;
            });
            const total = pending + running + done;
            setEl('dashboard-batch-pending', String(pending));
            setEl('dashboard-batch-running', String(running));
            setEl('dashboard-batch-done', String(done));
            setEl('dashboard-batch-total', total > 0 ? `共 ${total} 个` : '暂无任务');
            // 更新进度条
            if (total > 0) {
                const pendingPct = (pending / total * 100).toFixed(1);
                const runningPct = (running / total * 100).toFixed(1);
                const donePct = (done / total * 100).toFixed(1);
                updateProgressBar('dashboard-batch-progress-pending', pendingPct);
                updateProgressBar('dashboard-batch-progress-running', runningPct);
                updateProgressBar('dashboard-batch-progress-done', donePct);
            } else {
                updateProgressBar('dashboard-batch-progress-pending', '0');
                updateProgressBar('dashboard-batch-progress-running', '0');
                updateProgressBar('dashboard-batch-progress-done', '0');
            }
        } else {
            setEl('dashboard-batch-pending', '-');
            setEl('dashboard-batch-running', '-');
            setEl('dashboard-batch-done', '-');
            setEl('dashboard-batch-total', '-');
            updateProgressBar('dashboard-batch-progress-pending', '0');
            updateProgressBar('dashboard-batch-progress-running', '0');
            updateProgressBar('dashboard-batch-progress-done', '0');
        }
        // 工具调用：monitor/stats 为 { toolName: { totalCalls, successCalls, failedCalls, ... } }（优化版）
        if (monitorRes && typeof monitorRes === 'object') {
            const names = Object.keys(monitorRes);
            let totalCalls = 0, totalSuccess = 0, totalFailed = 0;
            names.forEach(k => {
                const v = monitorRes[k];
                const n = v && (v.totalCalls ?? v.TotalCalls);
                if (typeof n === 'number') totalCalls += n;
                const s = v && (v.successCalls ?? v.SuccessCalls);
                if (typeof s === 'number') totalSuccess += s;
                const f = v && (v.failedCalls ?? v.FailedCalls);
                if (typeof f === 'number') totalFailed += f;
            });
            setEl('dashboard-tools-count', String(names.length));
            setEl('dashboard-tools-calls', formatNumber(totalCalls));
            setEl('dashboard-kpi-tools-calls', String(totalCalls));
            var rateStr = totalCalls > 0 ? ((totalSuccess / totalCalls) * 100).toFixed(1) + '%' : '-';
            setEl('dashboard-kpi-success-rate', rateStr);
            setEl('dashboard-tools-success-rate', rateStr !== '-' ? `成功率 ${rateStr}` : '-');
            renderDashboardToolsBar(monitorRes);
        } else {
            setEl('dashboard-tools-count', '-');
            setEl('dashboard-tools-calls', '-');
            setEl('dashboard-kpi-tools-calls', '-');
            setEl('dashboard-kpi-success-rate', '-');
            setEl('dashboard-tools-success-rate', '-');
            renderDashboardToolsBar(null);
        }
        // 知识：{ enabled, total_categories, total_items, ... }（优化版）
        const knowledgeItemsEl = document.getElementById('dashboard-knowledge-items');
        const knowledgeCategoriesEl = document.getElementById('dashboard-knowledge-categories');
        const knowledgeStatusEl = document.getElementById('dashboard-knowledge-status');
        if (knowledgeRes && typeof knowledgeRes === 'object') {
            if (knowledgeRes.enabled === false) {
                // 功能未启用：用状态标签展示，数值保持为 "-"
                if (knowledgeStatusEl) knowledgeStatusEl.textContent = '未启用';
                if (knowledgeItemsEl) knowledgeItemsEl.textContent = '-';
                if (knowledgeCategoriesEl) knowledgeCategoriesEl.textContent = '-';
            } else {
                const categories = knowledgeRes.total_categories ?? 0;
                const items = knowledgeRes.total_items ?? 0;
                if (knowledgeItemsEl) knowledgeItemsEl.textContent = formatNumber(items);
                if (knowledgeCategoriesEl) knowledgeCategoriesEl.textContent = formatNumber(categories);
                // 根据数据量给个轻量状态文案
                if (knowledgeStatusEl) {
                    if (items > 0 || categories > 0) {
                        knowledgeStatusEl.textContent = '已启用';
                    } else {
                        knowledgeStatusEl.textContent = '待配置';
                    }
                }
            }
        } else {
            if (knowledgeItemsEl) knowledgeItemsEl.textContent = '-';
            if (knowledgeCategoriesEl) knowledgeCategoriesEl.textContent = '-';
            if (knowledgeStatusEl) knowledgeStatusEl.textContent = '-';
        }
        // Skills：{ total_skills, total_calls, ... }（优化版）
        if (skillsRes && typeof skillsRes === 'object') {
            const totalSkills = skillsRes.total_skills ?? 0;
            const totalCalls = skillsRes.total_calls ?? 0;
            setEl('dashboard-skills-count', formatNumber(totalSkills));
            setEl('dashboard-skills-calls', formatNumber(totalCalls));
            // 设置状态标签
            const statusEl = document.getElementById('dashboard-skills-status');
            if (statusEl) {
                if (totalCalls === 0) {
                    statusEl.textContent = '待使用';
                    statusEl.style.background = 'rgba(0, 0, 0, 0.05)';
                    statusEl.style.color = 'var(--text-secondary)';
                } else if (totalCalls < 10) {
                    statusEl.textContent = '活跃';
                    statusEl.style.background = 'rgba(16, 185, 129, 0.1)';
                    statusEl.style.color = '#10b981';
                } else {
                    statusEl.textContent = '高频';
                    statusEl.style.background = 'rgba(59, 130, 246, 0.1)';
                    statusEl.style.color = '#3b82f6';
                }
            }
        } else {
            setEl('dashboard-skills-count', '-');
            setEl('dashboard-skills-calls', '-');
            const statusEl = document.getElementById('dashboard-skills-status');
            if (statusEl) statusEl.textContent = '-';
        }
    } catch (e) {
        console.warn('仪表盘拉取统计失败', e);
        if (runningEl) runningEl.textContent = '-';
        if (vulnTotalEl) vulnTotalEl.textContent = '-';
        setDashboardOverviewPlaceholder('-');
        setEl('dashboard-kpi-success-rate', '-');
        setEl('dashboard-kpi-tools-calls', '-');
        renderDashboardToolsBar(null);
        var ph = document.getElementById('dashboard-tools-pie-placeholder');
        if (ph) { ph.style.removeProperty('display'); ph.textContent = '暂无调用数据'; }
    }
 }
 function setEl(id, text) {
    const el = document.getElementById(id);
    if (el) el.textContent = text;
 }
 function setDashboardOverviewPlaceholder(t) {
    ['dashboard-batch-pending', 'dashboard-batch-running', 'dashboard-batch-done', 'dashboard-batch-total',
     'dashboard-tools-count', 'dashboard-tools-calls', 'dashboard-tools-success-rate',
     'dashboard-skills-count', 'dashboard-skills-calls', 'dashboard-skills-status',
     'dashboard-knowledge-items', 'dashboard-knowledge-categories', 'dashboard-knowledge-status'].forEach(id => setEl(id, t));
    updateProgressBar('dashboard-batch-progress-pending', '0');
    updateProgressBar('dashboard-batch-progress-running', '0');
    updateProgressBar('dashboard-batch-progress-done', '0');
 }
 // 格式化数字，添加千位分隔符
 function formatNumber(num) {
    if (typeof num !== 'number' || isNaN(num)) return '-';
    if (num === 0) return '0';
    return num.toLocaleString('zh-CN');
 }
 // 更新进度条宽度
 function updateProgressBar(id, percentage) {
    const el = document.getElementById(id);
    if (el) {
        const pct = parseFloat(percentage) || 0;
        el.style.width = Math.max(0, Math.min(100, pct)) + '%';
    }
 }
 // Top 30 工具执行次数柱状图颜色（30 色不重复，柔和、易区分）
 var DASHBOARD_BAR_COLORS = [
    '#93c5fd', '#a78bfa', '#6ee7b7', '#fde047', '#fda4af',
    '#7dd3fc', '#a5b4fc', '#5eead4', '#fdba74', '#e9d5ff',
    '#67e8f9', '#c4b5fd', '#86efac', '#fcd34d', '#f9a8d4',
    '#bae6fd', '#c7d2fe', '#99f6e4', '#fed7aa', '#ddd6fe',
    '#22d3ee', '#8b5cf6', '#4ade80', '#fbbf24', '#fb7185',
    '#38bdf8', '#818cf8', '#2dd4bf', '#fb923c', '#e0e7ff'
 ];
 function esc(s) {
    if (typeof s !== 'string') return '';
    return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;');
 }
 function renderDashboardToolsBar(monitorRes) {
    const placeholder = document.getElementById('dashboard-tools-pie-placeholder');
    const barChartEl = document.getElementById('dashboard-tools-bar-chart');
    if (!placeholder || !barChartEl) return;
    if (!monitorRes || typeof monitorRes !== 'object') {
        placeholder.style.removeProperty('display');
        placeholder.textContent = '暂无调用数据';
        barChartEl.style.display = 'none';
        barChartEl.innerHTML = '';
        return;
    }
    const entries = Object.keys(monitorRes).map(function (k) {
        const v = monitorRes[k];
        const totalCalls = v && (v.totalCalls ?? v.TotalCalls);
        return { name: k, totalCalls: typeof totalCalls === 'number' ? totalCalls : 0 };
    }).filter(function (e) { return e.totalCalls > 0; })
        .sort(function (a, b) { return b.totalCalls - a.totalCalls; })
        .slice(0, 30);
    if (entries.length === 0) {
        placeholder.style.removeProperty('display');
        placeholder.textContent = '暂无调用数据';
        barChartEl.style.display = 'none';
        barChartEl.innerHTML = '';
        return;
    }
    placeholder.style.display = 'none';
    barChartEl.style.display = 'block';
    const maxCalls = Math.max.apply(null, entries.map(function (e) { return e.totalCalls; }));
    var html = '';
    entries.forEach(function (e, i) {
        var pct = maxCalls > 0 ? (e.totalCalls / maxCalls) * 100 : 0;
        var label = e.name.length > 12 ? e.name.slice(0, 10) + '…' : e.name;
        var color = DASHBOARD_BAR_COLORS[i % DASHBOARD_BAR_COLORS.length];
        var fullName = esc(e.name);
        html += '<div class="dashboard-tools-bar-item" data-tooltip="' + fullName + '">';
        html += '<span class="dashboard-tools-bar-label">' + esc(label) + '</span>';
        html += '<div class="dashboard-tools-bar-track"><div class="dashboard-tools-bar-fill" style="width:' + pct + '%;background:' + color + '"></div></div>';
        html += '<span class="dashboard-tools-bar-value">' + e.totalCalls + '</span>';
        html += '</div>';
    });
    barChartEl.innerHTML = html;
    attachDashboardBarTooltips(barChartEl);
 }
 var dashboardBarTooltipEl = null;
 var dashboardBarTooltipTimer = null;
 function attachDashboardBarTooltips(barChartEl) {
    if (!barChartEl) return;
    if (!dashboardBarTooltipEl) {
        dashboardBarTooltipEl = document.createElement('div');
        dashboardBarTooltipEl.className = 'dashboard-tools-bar-tooltip';
        dashboardBarTooltipEl.setAttribute('role', 'tooltip');
        document.body.appendChild(dashboardBarTooltipEl);
    }
    barChartEl.removeEventListener('mouseover', dashboardBarTooltipOnOver);
    barChartEl.removeEventListener('mouseout', dashboardBarTooltipOnOut);
    barChartEl.addEventListener('mouseover', dashboardBarTooltipOnOver);
    barChartEl.addEventListener('mouseout', dashboardBarTooltipOnOut);
 }
 function dashboardBarTooltipOnOver(ev) {
    var item = ev.target && ev.target.closest && ev.target.closest('.dashboard-tools-bar-item');
    if (!item || !dashboardBarTooltipEl) return;
    var text = item.getAttribute('data-tooltip');
    if (!text) return;
    clearTimeout(dashboardBarTooltipTimer);
    dashboardBarTooltipTimer = setTimeout(function () {
        dashboardBarTooltipEl.textContent = text;
        dashboardBarTooltipEl.style.display = 'block';
        requestAnimationFrame(function () {
            var rect = item.getBoundingClientRect();
            var ttRect = dashboardBarTooltipEl.getBoundingClientRect();
            var x = rect.left + (rect.width / 2) - (ttRect.width / 2);
            var y = rect.top - ttRect.height - 6;
            if (y < 8) y = rect.bottom + 6;
            var pad = 8;
            if (x < pad) x = pad;
            if (x + ttRect.width > window.innerWidth - pad) x = window.innerWidth - ttRect.width - pad;
            dashboardBarTooltipEl.style.left = x + 'px';
            dashboardBarTooltipEl.style.top = y + 'px';
        });
    }, 180);
 }
 function dashboardBarTooltipOnOut(ev) {
    var item = ev.target && ev.target.closest && ev.target.closest('.dashboard-tools-bar-item');
    var related = ev.relatedTarget && ev.relatedTarget.closest && ev.relatedTarget.closest('.dashboard-tools-bar-item');
    if (item && item === related) return;
    clearTimeout(dashboardBarTooltipTimer);
    dashboardBarTooltipTimer = null;
    if (dashboardBarTooltipEl) dashboardBarTooltipEl.style.display = 'none';
 }
@@ -0,0 +1,802 @@
 // 信息收集页面（FOFA）
 const FOFA_FORM_STORAGE_KEY = 'info-collect-fofa-form';
 const FOFA_HIDDEN_FIELDS_STORAGE_KEY = 'info-collect-fofa-hidden-fields';
 const infoCollectState = {
    currentPayload: null, // { fields, results, query, total, page, size }
    hiddenFields: new Set(),
    selectedRowIndexes: new Set(),
    tableBound: false
 };
 // HTML转义（如果未定义）
 if (typeof escapeHtml === 'undefined') {
    function escapeHtml(text) {
        if (text == null) return '';
        const div = document.createElement('div');
        div.textContent = String(text);
        return div.innerHTML;
    }
 }
 function getFofaFormElements() {
    return {
        query: document.getElementById('fofa-query'),
        size: document.getElementById('fofa-size'),
        page: document.getElementById('fofa-page'),
        fields: document.getElementById('fofa-fields'),
        full: document.getElementById('fofa-full'),
        meta: document.getElementById('fofa-results-meta'),
        selectedMeta: document.getElementById('fofa-selected-meta'),
        thead: document.getElementById('fofa-results-thead'),
        tbody: document.getElementById('fofa-results-tbody'),
        columnsPanel: document.getElementById('fofa-columns-panel'),
        columnsList: document.getElementById('fofa-columns-list')
    };
 }
 function loadHiddenFieldsFromStorage() {
    try {
        const raw = localStorage.getItem(FOFA_HIDDEN_FIELDS_STORAGE_KEY);
        if (!raw) return [];
        const arr = JSON.parse(raw);
        if (!Array.isArray(arr)) return [];
        return arr.filter(x => typeof x === 'string');
    } catch (e) {
        return [];
    }
 }
 function saveHiddenFieldsToStorage() {
    try {
        localStorage.setItem(FOFA_HIDDEN_FIELDS_STORAGE_KEY, JSON.stringify(Array.from(infoCollectState.hiddenFields)));
    } catch (e) {
        // ignore
    }
 }
 function loadFofaFormFromStorage() {
    try {
        const raw = localStorage.getItem(FOFA_FORM_STORAGE_KEY);
        if (!raw) return null;
        const data = JSON.parse(raw);
        if (!data || typeof data !== 'object') return null;
        return data;
    } catch (e) {
        return null;
    }
 }
 function saveFofaFormToStorage(payload) {
    try {
        localStorage.setItem(FOFA_FORM_STORAGE_KEY, JSON.stringify(payload));
    } catch (e) {
        // ignore
    }
 }
 function initInfoCollectPage() {
    const els = getFofaFormElements();
    if (!els.query || !els.size || !els.fields || !els.tbody) return;
    // 恢复隐藏字段
    infoCollectState.hiddenFields = new Set(loadHiddenFieldsFromStorage());
    // 恢复上次输入
    const saved = loadFofaFormFromStorage();
    if (saved) {
        if (typeof saved.query === 'string') els.query.value = saved.query;
        if (typeof saved.size === 'number' || typeof saved.size === 'string') els.size.value = saved.size;
        if (typeof saved.page === 'number' || typeof saved.page === 'string') els.page.value = saved.page;
        if (typeof saved.fields === 'string') els.fields.value = saved.fields;
        if (typeof saved.full === 'boolean') els.full.checked = saved.full;
    }
    // 绑定 Enter 快捷查询（在 query 里用 Ctrl/Cmd+Enter）
    els.query.addEventListener('keydown', (e) => {
        if ((e.ctrlKey || e.metaKey) && e.key === 'Enter') {
            e.preventDefault();
            submitFofaSearch();
        }
    });
    // 单行输入：按内容自动增高（避免默认留空白行）
    const autoGrow = () => {
        try {
            els.query.style.height = '40px';
            const max = 110;
            const h = Math.min(max, els.query.scrollHeight);
            els.query.style.height = `${h}px`;
        } catch (e) {
            // ignore
        }
    };
    els.query.addEventListener('input', autoGrow);
    // 初始化时也执行一次
    setTimeout(autoGrow, 0);
    // 绑定表格事件（事件委托，只绑定一次）
    bindFofaTableEvents();
    updateSelectedMeta();
 }
 function applyFofaQueryPreset(preset) {
    const els = getFofaFormElements();
    if (!els.query) return;
    els.query.value = (preset || '').trim();
    els.query.focus();
    saveFofaFormToStorage({
        query: els.query.value,
        size: parseInt(els.size?.value, 10) || 100,
        page: parseInt(els.page?.value, 10) || 1,
        fields: els.fields?.value || '',
        full: !!els.full?.checked
    });
 }
 function applyFofaFieldsPreset(preset) {
    const els = getFofaFormElements();
    if (!els.fields) return;
    els.fields.value = (preset || '').trim();
    els.fields.focus();
    saveFofaFormToStorage({
        query: (els.query?.value || '').trim(),
        size: parseInt(els.size?.value, 10) || 100,
        page: parseInt(els.page?.value, 10) || 1,
        fields: els.fields.value,
        full: !!els.full?.checked
    });
 }
 function resetFofaForm() {
    const els = getFofaFormElements();
    if (!els.query) return;
    els.query.value = '';
    if (els.size) els.size.value = 100;
    if (els.page) els.page.value = 1;
    if (els.fields) els.fields.value = 'host,ip,port,domain,title,protocol,country,province,city,server';
    if (els.full) els.full.checked = false;
    saveFofaFormToStorage({
        query: els.query.value,
        size: parseInt(els.size?.value, 10) || 100,
        page: parseInt(els.page?.value, 10) || 1,
        fields: els.fields?.value || '',
        full: !!els.full?.checked
    });
    renderFofaResults({ query: '', fields: [], results: [], total: 0, page: 1, size: 0 });
 }
 async function submitFofaSearch() {
    const els = getFofaFormElements();
    const query = (els.query?.value || '').trim();
    const size = parseInt(els.size?.value, 10) || 100;
    const page = parseInt(els.page?.value, 10) || 1;
    const fields = (els.fields?.value || '').trim();
    const full = !!els.full?.checked;
    if (!query) {
        alert('请输入 FOFA 查询语法');
        return;
    }
    saveFofaFormToStorage({ query, size, page, fields, full });
    setFofaMeta('查询中...');
    setFofaLoading(true);
    try {
        const response = await apiFetch('/api/fofa/search', {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            body: JSON.stringify({ query, size, page, fields, full })
        });
        const result = await response.json().catch(() => ({}));
        if (!response.ok) {
            throw new Error(result.error || `请求失败: ${response.status}`);
        }
        renderFofaResults(result);
    } catch (e) {
        console.error('FOFA 查询失败:', e);
        setFofaMeta('查询失败');
        renderFofaResults({ query, fields: [], results: [], total: 0, page: 1, size: 0 });
        alert('FOFA 查询失败: ' + (e && e.message ? e.message : String(e)));
    } finally {
        setFofaLoading(false);
    }
 }
 function setFofaMeta(text) {
    const els = getFofaFormElements();
    if (els.meta) {
        els.meta.textContent = text || '-';
    }
 }
 function updateSelectedMeta() {
    const els = getFofaFormElements();
    if (els.selectedMeta) {
        els.selectedMeta.textContent = `已选择 ${infoCollectState.selectedRowIndexes.size} 条`;
    }
 }
 function setFofaLoading(loading) {
    const els = getFofaFormElements();
    if (!els.tbody) return;
    if (loading) {
        const fieldsCount = (document.getElementById('fofa-fields')?.value || '').split(',').filter(Boolean).length;
        const colspan = Math.max(1, fieldsCount + 1);
        els.tbody.innerHTML = `<tr><td class="muted" style="padding: 16px;" colspan="${colspan}">加载中...</td></tr>`;
    }
 }
 function renderFofaResults(payload) {
    const els = getFofaFormElements();
    if (!els.thead || !els.tbody) return;
    const fields = Array.isArray(payload.fields) ? payload.fields : [];
    const results = Array.isArray(payload.results) ? payload.results : [];
    // 保存当前 payload 到 state
    infoCollectState.currentPayload = {
        query: payload.query || '',
        total: typeof payload.total === 'number' ? payload.total : 0,
        page: typeof payload.page === 'number' ? payload.page : 1,
        size: typeof payload.size === 'number' ? payload.size : 0,
        fields,
        results
    };
    // 清理选择（避免字段/结果变化导致错位）
    infoCollectState.selectedRowIndexes.clear();
    updateSelectedMeta();
    // 修剪隐藏字段：只保留当前 fields 中存在的
    const allowed = new Set(fields);
    infoCollectState.hiddenFields.forEach(f => {
        if (!allowed.has(f)) infoCollectState.hiddenFields.delete(f);
    });
    saveHiddenFieldsToStorage();
    const total = typeof payload.total === 'number' ? payload.total : 0;
    const size = typeof payload.size === 'number' ? payload.size : 0;
    const page = typeof payload.page === 'number' ? payload.page : 1;
    setFofaMeta(`共 ${total} 条 · 本页 ${results.length} 条 · page=${page} · size=${size}`);
    // 可见字段
    const visibleFields = fields.filter(f => !infoCollectState.hiddenFields.has(f));
    // 列面板
    renderFofaColumnsPanel(fields, visibleFields);
    // 表头（左：勾选列；右：操作列固定）
    const headerCells = [
        '<th class="info-collect-col-select"><input type="checkbox" id="fofa-select-all" title="全选/全不选"/></th>',
        ...visibleFields.map(f => `<th>${escapeHtml(String(f))}</th>`),
        '<th class="info-collect-col-actions">操作</th>'
    ].join('');
    els.thead.innerHTML = `<tr>${headerCells}</tr>`;
    // 表体
    if (results.length === 0) {
        const colspan = Math.max(1, visibleFields.length + 2);
        els.tbody.innerHTML = `<tr><td class="muted" style="padding: 16px;" colspan="${colspan}">暂无数据</td></tr>`;
        return;
    }
    const rowsHtml = results.map((row, idx) => {
        const safeRow = row && typeof row === 'object' ? row : {};
        const target = inferTargetFromRow(safeRow, fields);
        const encoded = encodeURIComponent(JSON.stringify(safeRow));
        const encodedTarget = encodeURIComponent(target || '');
        const selectHtml = `<td class="info-collect-col-select"><input class="fofa-row-select" type="checkbox" data-index="${idx}" title="选择该行"/></td>`;
        const cellsHtml = visibleFields.map(f => {
            const val = safeRow[f];
            const text = val == null ? '' : String(val);
            // host 字段：尽量渲染为可点击链接
            if (f === 'host') {
                const href = normalizeHttpLink(text);
                if (href) {
                    const safeHref = escapeHtml(href);
                    return `<td class="info-collect-cell" data-field="${escapeHtml(f)}" data-full="${escapeHtml(text)}" title="${escapeHtml(text)}"><a class="info-collect-link" href="${safeHref}" target="_blank" rel="noopener noreferrer" onclick="event.stopPropagation();">${escapeHtml(text)}</a></td>`;
                }
            }
            return `<td class="info-collect-cell" data-field="${escapeHtml(f)}" data-full="${escapeHtml(text)}" title="${escapeHtml(text)}"><span class="info-collect-cell-text">${escapeHtml(text)}</span></td>`;
        }).join('');
        const actionHtml = `
            <div class="info-collect-actions">
                <button class="btn-icon" onclick="copyFofaTargetEncoded('${encodedTarget}'); event.stopPropagation();" title="复制目标">
                    <svg width="16" height="16" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                        <rect x="9" y="9" width="13" height="13" rx="2" stroke="currentColor" stroke-width="2"/>
                        <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1" stroke="currentColor" stroke-width="2" stroke-linecap="round"/>
                    </svg>
                </button>
                <button class="btn-icon" onclick="scanFofaRow('${encoded}', event); event.stopPropagation();" title="发送到对话（可编辑；Ctrl/⌘+点击可直接发送）">
                    <svg width="16" height="16" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                        <path d="M10.5 13.5l3-3" stroke="currentColor" stroke-width="2" stroke-linecap="round"/>
                        <path d="M8 8H5a4 4 0 1 0 0 8h3" stroke="currentColor" stroke-width="2" stroke-linecap="round"/>
                        <path d="M16 8h3a4 4 0 0 1 0 8h-3" stroke="currentColor" stroke-width="2" stroke-linecap="round"/>
                    </svg>
                </button>
            </div>
        `;
        return `<tr data-index="${idx}">${selectHtml}${cellsHtml}<td class="info-collect-col-actions">${actionHtml}</td></tr>`;
    }).join('');
    els.tbody.innerHTML = rowsHtml;
    // 更新全选框状态
    syncSelectAllCheckbox();
 }
 function inferTargetFromRow(row, fields) {
    // 优先 host（FOFA 常见返回 http(s)://...）
    const host = row.host != null ? String(row.host).trim() : '';
    if (host) return host;
    const domain = row.domain != null ? String(row.domain).trim() : '';
    const ip = row.ip != null ? String(row.ip).trim() : '';
    const port = row.port != null ? String(row.port).trim() : '';
    const protocol = row.protocol != null ? String(row.protocol).trim().toLowerCase() : '';
    const base = domain || ip;
    if (!base) return '';
    if (port) {
        // 仅做一个轻量推断：443 -> https, 80 -> http，其余不强行加 scheme
        const p = parseInt(port, 10);
        if (!isNaN(p) && (p === 80 || p === 443)) {
            const scheme = p === 443 ? 'https' : 'http';
            return `${scheme}://${base}:${p}`;
        }
        if (protocol === 'https' || protocol === 'http') {
            return `${protocol}://${base}:${port}`;
        }
        return `${base}:${port}`;
    }
    return base;
 }
 function normalizeHttpLink(raw) {
    const v = (raw || '').trim();
    if (!v) return '';
    if (v.startsWith('http://') || v.startsWith('https://')) return v;
    // 某些 host 可能是 domain 或 ip:port；这里不强行拼装，避免误导
    return '';
 }
 function copyFofaTarget(target) {
    const text = (target || '').trim();
    if (!text) {
        alert('没有可复制的目标');
        return;
    }
    navigator.clipboard.writeText(text).then(() => {
        // 简单提示
        showInlineToast('已复制目标');
    }).catch(() => {
        alert('复制失败，请手动复制：' + text);
    });
 }
 function copyFofaTargetEncoded(encodedTarget) {
    try {
        copyFofaTarget(decodeURIComponent(encodedTarget || ''));
    } catch (e) {
        copyFofaTarget(encodedTarget || '');
    }
 }
 function showInlineToast(text) {
    const toast = document.createElement('div');
    toast.textContent = text;
    toast.style.cssText = 'position: fixed; top: 24px; right: 24px; background: rgba(0,0,0,0.85); color: #fff; padding: 10px 12px; border-radius: 8px; z-index: 10000; font-size: 13px;';
    document.body.appendChild(toast);
    setTimeout(() => toast.remove(), 1200);
 }
 function scanFofaRow(encodedRowJson, clickEvent) {
    let row = {};
    try {
        row = JSON.parse(decodeURIComponent(encodedRowJson));
    } catch (e) {
        console.warn('解析行数据失败', e);
    }
    const fields = (document.getElementById('fofa-fields')?.value || '').split(',').map(s => s.trim()).filter(Boolean);
    const target = inferTargetFromRow(row, fields);
    if (!target) {
        alert('无法从该行推断扫描目标（建议在 fields 中包含 host/ip/port/domain）');
        return;
    }
    // 切换到对话页并发送消息（每次点击都新建会话，避免发到历史会话）
    if (typeof switchPage === 'function') {
        switchPage('chat');
    } else {
        window.location.hash = 'chat';
    }
    const message = buildScanMessage(target, row);
    const autoSend = !!(clickEvent && (clickEvent.ctrlKey || clickEvent.metaKey));
    setTimeout(async () => {
        // 新建会话：必须等待其完成，否则它会在后续把输入框清空
        try {
            if (typeof startNewConversation === 'function') {
                const maybePromise = startNewConversation();
                if (maybePromise && typeof maybePromise.then === 'function') {
                    await maybePromise;
                }
            }
        } catch (e) {
            // ignore
        }
        const input = document.getElementById('chat-input');
        if (input) {
            input.value = message;
            // 触发自动高度调整（chat.js 里如果监听 input）
            input.dispatchEvent(new Event('input', { bubbles: true }));
            input.focus();
        }
        if (autoSend) {
            if (typeof sendMessage === 'function') {
                sendMessage();
            } else {
                alert('未找到 sendMessage()，请刷新页面后重试');
            }
        } else {
            showInlineToast('已填入对话输入框，可编辑后发送');
        }
    }, 250);
 }
 function buildScanMessage(target, row) {
    const title = row && row.title != null ? String(row.title).trim() : '';
    const server = row && row.server != null ? String(row.server).trim() : '';
    const hintParts = [];
    if (title) hintParts.push(`title="${title}"`);
    if (server) hintParts.push(`server="${server}"`);
    const hint = hintParts.length ? `（FOFA提示：${hintParts.join(', ')}）` : '';
    return `对以下目标做信息收集与基础扫描：\n${target}\n\n要求：\n1) 识别服务/框架与关键指纹\n2) 枚举开放端口与常见管理入口\n3) 用 httpx/指纹/目录探测等方式快速确认可访问面\n4) 输出可复现的命令与结论\n\n${hint}`.trim();
 }
 function bindFofaTableEvents() {
    if (infoCollectState.tableBound) return;
    infoCollectState.tableBound = true;
    const els = getFofaFormElements();
    if (!els.tbody) return;
    // 事件委托：选择/单元格展开
    els.tbody.addEventListener('click', (e) => {
        const checkbox = e.target && e.target.classList && e.target.classList.contains('fofa-row-select') ? e.target : null;
        if (checkbox) {
            const idx = parseInt(checkbox.getAttribute('data-index'), 10);
            if (!isNaN(idx)) {
                if (checkbox.checked) infoCollectState.selectedRowIndexes.add(idx);
                else infoCollectState.selectedRowIndexes.delete(idx);
                updateSelectedMeta();
                syncSelectAllCheckbox();
            }
            return;
        }
        const cell = e.target && e.target.closest ? e.target.closest('.info-collect-cell') : null;
        if (cell) {
            const full = cell.getAttribute('data-full') || '';
            const field = cell.getAttribute('data-field') || '';
            // 点击链接不弹窗
            if (e.target && e.target.tagName === 'A') return;
            if (full && full.length > 0) {
                showCellDetailModal(field, full);
            }
        }
    });
    // thead 的全选（因为 thead 会重渲染，用事件捕获到 document）
    document.addEventListener('change', (e) => {
        const t = e.target;
        if (!t || t.id !== 'fofa-select-all') return;
        const checked = !!t.checked;
        toggleSelectAllRows(checked);
    });
 }
 function toggleSelectAllRows(checked) {
    const els = getFofaFormElements();
    if (!els.tbody) return;
    const boxes = els.tbody.querySelectorAll('input.fofa-row-select');
    infoCollectState.selectedRowIndexes.clear();
    boxes.forEach(b => {
        b.checked = checked;
        const idx = parseInt(b.getAttribute('data-index'), 10);
        if (checked && !isNaN(idx)) infoCollectState.selectedRowIndexes.add(idx);
    });
    updateSelectedMeta();
    syncSelectAllCheckbox();
 }
 function syncSelectAllCheckbox() {
    const selectAll = document.getElementById('fofa-select-all');
    const els = getFofaFormElements();
    if (!selectAll || !els.tbody) return;
    const boxes = els.tbody.querySelectorAll('input.fofa-row-select');
    const total = boxes.length;
    const selected = infoCollectState.selectedRowIndexes.size;
    if (total === 0) {
        selectAll.checked = false;
        selectAll.indeterminate = false;
        return;
    }
    if (selected === 0) {
        selectAll.checked = false;
        selectAll.indeterminate = false;
    } else if (selected === total) {
        selectAll.checked = true;
        selectAll.indeterminate = false;
    } else {
        selectAll.checked = false;
        selectAll.indeterminate = true;
    }
 }
 function renderFofaColumnsPanel(allFields, visibleFields) {
    const els = getFofaFormElements();
    if (!els.columnsList) return;
    const currentVisible = new Set(visibleFields);
    els.columnsList.innerHTML = allFields.map(f => {
        const checked = currentVisible.has(f);
        const safe = escapeHtml(f);
        return `
            <label class="info-collect-col-item" title="${safe}">
                <input type="checkbox" ${checked ? 'checked' : ''} onchange="toggleFofaColumn('${safe}', this.checked)" />
                <span>${safe}</span>
            </label>
        `;
    }).join('');
 }
 function toggleFofaColumn(field, visible) {
    const f = String(field || '').trim();
    if (!f) return;
    if (visible) infoCollectState.hiddenFields.delete(f);
    else infoCollectState.hiddenFields.add(f);
    saveHiddenFieldsToStorage();
    // 重新渲染表格（用 state 中缓存的 payload）
    if (infoCollectState.currentPayload) {
        renderFofaResults(infoCollectState.currentPayload);
    }
 }
 function toggleFofaColumnsPanel() {
    const els = getFofaFormElements();
    if (!els.columnsPanel) return;
    const show = els.columnsPanel.style.display === 'none' || !els.columnsPanel.style.display;
    els.columnsPanel.style.display = show ? 'block' : 'none';
 }
 function closeFofaColumnsPanel() {
    const els = getFofaFormElements();
    if (els.columnsPanel) els.columnsPanel.style.display = 'none';
 }
 // 点击面板外部关闭（避免一直占着表格顶部）
 document.addEventListener('click', (e) => {
    const panel = document.getElementById('fofa-columns-panel');
    const btn = e.target && e.target.closest ? e.target.closest('button') : null;
    const isColumnsBtn = btn && btn.getAttribute && btn.getAttribute('onclick') && String(btn.getAttribute('onclick')).includes('toggleFofaColumnsPanel');
    if (!panel || panel.style.display === 'none') return;
    if (panel.contains(e.target) || isColumnsBtn) return;
    panel.style.display = 'none';
 });
 function showAllFofaColumns() {
    infoCollectState.hiddenFields.clear();
    saveHiddenFieldsToStorage();
    if (infoCollectState.currentPayload) renderFofaResults(infoCollectState.currentPayload);
 }
 function hideAllFofaColumns() {
    const p = infoCollectState.currentPayload;
    if (!p || !Array.isArray(p.fields)) return;
    // 允许隐藏全部，但给用户一个最小可用：至少保留 host/ip/domain 中之一（如果存在）
    const keep = ['host', 'ip', 'domain'].find(x => p.fields.includes(x));
    infoCollectState.hiddenFields = new Set(p.fields.filter(f => f !== keep));
    saveHiddenFieldsToStorage();
    renderFofaResults(p);
 }
 function exportFofaResults(format) {
    const p = infoCollectState.currentPayload;
    if (!p || !Array.isArray(p.results) || p.results.length === 0) {
        alert('暂无可导出的结果');
        return;
    }
    const fields = p.fields || [];
    const visibleFields = fields.filter(f => !infoCollectState.hiddenFields.has(f));
    const now = new Date();
    const ts = `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, '0')}${String(now.getDate()).padStart(2, '0')}_${String(now.getHours()).padStart(2, '0')}${String(now.getMinutes()).padStart(2, '0')}${String(now.getSeconds()).padStart(2, '0')}`;
    if (format === 'json') {
        const payload = {
            query: p.query || '',
            total: p.total || 0,
            page: p.page || 1,
            size: p.size || 0,
            fields: fields,
            results: p.results
        };
        downloadBlob(JSON.stringify(payload, null, 2), `fofa_results_${ts}.json`, 'application/json;charset=utf-8');
        return;
    }
    // csv：默认导出可见字段（更符合“列隐藏”直觉）
    const header = visibleFields;
    const rows = p.results.map(row => {
        const r = row && typeof row === 'object' ? row : {};
        return header.map(f => csvEscape(r[f]));
    });
    const csv = [header.map(csvEscape).join(','), ...rows.map(cols => cols.join(','))].join('\n');
    downloadBlob(csv, `fofa_results_${ts}.csv`, 'text/csv;charset=utf-8');
 }
 function csvEscape(value) {
    if (value == null) return '""';
    const s = String(value).replace(/"/g, '""');
    return `"${s}"`;
 }
 function downloadBlob(content, filename, mime) {
    const blob = new Blob([content], { type: mime });
    const url = URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = filename;
    document.body.appendChild(a);
    a.click();
    document.body.removeChild(a);
    URL.revokeObjectURL(url);
 }
 async function batchScanSelectedFofaRows() {
    const p = infoCollectState.currentPayload;
    if (!p || !Array.isArray(p.results) || p.results.length === 0) {
        alert('暂无结果');
        return;
    }
    const selected = Array.from(infoCollectState.selectedRowIndexes).sort((a, b) => a - b);
    if (selected.length === 0) {
        alert('请先勾选需要扫描的行');
        return;
    }
    const fields = p.fields || [];
    const tasks = [];
    const skipped = [];
    selected.forEach(idx => {
        const row = p.results[idx];
        const target = inferTargetFromRow(row || {}, fields);
        if (!target) {
            skipped.push(idx + 1);
            return;
        }
        tasks.push(buildScanMessage(target, row || {}));
    });
    if (tasks.length === 0) {
        alert('未能从所选行推断任何可扫描目标（建议 fields 中包含 host/ip/port/domain）');
        return;
    }
    const title = (p.query ? `FOFA 批量扫描：${p.query}` : 'FOFA 批量扫描').slice(0, 80);
    try {
        const resp = await apiFetch('/api/batch-tasks', {
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            body: JSON.stringify({ title, tasks, role: '信息收集' })
        });
        const result = await resp.json().catch(() => ({}));
        if (!resp.ok) {
            throw new Error(result.error || `创建批量队列失败: ${resp.status}`);
        }
        const queueId = result.queueId;
        if (!queueId) {
            throw new Error('创建成功但未返回 queueId');
        }
        // 跳到任务管理并打开队列详情
        if (typeof switchPage === 'function') switchPage('tasks');
        setTimeout(() => {
            if (typeof showBatchQueueDetail === 'function') {
                showBatchQueueDetail(queueId);
            }
        }, 250);
        if (skipped.length > 0) {
            showInlineToast(`已创建队列（跳过 ${skipped.length} 条无目标行）`);
        } else {
            showInlineToast('已创建批量扫描队列');
        }
    } catch (e) {
        console.error('批量扫描失败:', e);
        alert('批量扫描失败: ' + (e && e.message ? e.message : String(e)));
    }
 }
 function showCellDetailModal(field, fullText) {
    const existing = document.getElementById('info-collect-cell-modal');
    if (existing) existing.remove();
    const modal = document.createElement('div');
    modal.id = 'info-collect-cell-modal';
    modal.className = 'info-collect-cell-modal';
    modal.innerHTML = `
        <div class="info-collect-cell-modal-content" role="dialog" aria-modal="true">
            <div class="info-collect-cell-modal-header">
                <div class="info-collect-cell-modal-title">${escapeHtml(field || '字段')}</div>
                <button class="btn-icon" type="button" id="info-collect-cell-modal-close" title="关闭">
                    <svg width="16" height="16" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                        <path d="M18 6L6 18M6 6l12 12" stroke="currentColor" stroke-width="2" stroke-linecap="round"/>
                    </svg>
                </button>
            </div>
            <div class="info-collect-cell-modal-body">
                <pre class="info-collect-cell-modal-pre">${escapeHtml(fullText || '')}</pre>
            </div>
            <div class="info-collect-cell-modal-footer">
                <button class="btn-secondary" type="button" id="info-collect-cell-modal-copy">复制</button>
                <button class="btn-primary" type="button" id="info-collect-cell-modal-ok">关闭</button>
            </div>
        </div>
    `;
    document.body.appendChild(modal);
    const close = () => modal.remove();
    modal.addEventListener('click', (e) => {
        if (e.target === modal) close();
    });
    document.getElementById('info-collect-cell-modal-close')?.addEventListener('click', close);
    document.getElementById('info-collect-cell-modal-ok')?.addEventListener('click', close);
    document.getElementById('info-collect-cell-modal-copy')?.addEventListener('click', () => {
        navigator.clipboard.writeText(fullText || '').then(() => showInlineToast('已复制')).catch(() => alert('复制失败'));
    });
    // Esc 关闭
    const onKey = (e) => {
        if (e.key === 'Escape') {
            close();
            document.removeEventListener('keydown', onKey);
        }
    };
    document.addEventListener('keydown', onKey);
 }
 // 暴露到全局（供 index.html onclick 调用）
 window.initInfoCollectPage = initInfoCollectPage;
 window.resetFofaForm = resetFofaForm;
 window.submitFofaSearch = submitFofaSearch;
 window.scanFofaRow = scanFofaRow;
 window.copyFofaTarget = copyFofaTarget;
 window.copyFofaTargetEncoded = copyFofaTargetEncoded;
 window.applyFofaQueryPreset = applyFofaQueryPreset;
 window.applyFofaFieldsPreset = applyFofaFieldsPreset;
 window.toggleFofaColumnsPanel = toggleFofaColumnsPanel;
 window.closeFofaColumnsPanel = closeFofaColumnsPanel;
 window.showAllFofaColumns = showAllFofaColumns;
 window.hideAllFofaColumns = hideAllFofaColumns;
 window.toggleFofaColumn = toggleFofaColumn;
 window.exportFofaResults = exportFofaResults;
 window.batchScanSelectedFofaRows = batchScanSelectedFofaRows;
@@ -1,5 +1,5 @@
 // 页面路由管理
-let currentPage = 'chat';
+let currentPage = 'dashboard';
 // 初始化路由
 function initRouter() {
@@ -8,7 +8,7 @@ function initRouter() {
    if (hash) {
        const hashParts = hash.split('?');
        const pageId = hashParts[0];
-        if (pageId && ['chat', 'vulnerabilities', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'settings', 'tasks'].includes(pageId)) {
+        if (pageId && ['dashboard', 'chat', 'info-collect', 'vulnerabilities', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'settings', 'tasks'].includes(pageId)) {
            switchPage(pageId);
            // 如果是chat页面且带有conversation参数，加载对应对话
@@ -32,8 +32,8 @@ function initRouter() {
        }
    }
-    // 默认显示对话页面
+    // 默认显示仪表盘
-    switchPage('chat');
+    switchPage('dashboard');
 }
 // 切换页面
@@ -237,9 +237,20 @@ function showSubmenuPopup(navItem, menuId) {
 // 初始化页面
 function initPage(pageId) {
    switch(pageId) {
        case 'dashboard':
            if (typeof refreshDashboard === 'function') {
                refreshDashboard();
            }
            break;
        case 'chat':
            // 对话页面已由chat.js初始化
            break;
        case 'info-collect':
            // 信息收集页面
            if (typeof initInfoCollectPage === 'function') {
                initInfoCollectPage();
            }
            break;
        case 'tasks':
            // 初始化任务管理页面
            if (typeof initTasksPage === 'function') {
@@ -254,16 +265,25 @@ function initPage(pageId) {
            break;
        case 'mcp-management':
            // 初始化MCP管理
            // 先加载外部MCP列表（快速），然后加载工具列表
            if (typeof loadExternalMCPs === 'function') {
-                loadExternalMCPs();
+                loadExternalMCPs().catch(err => {
                    console.warn('加载外部MCP列表失败:', err);
                });
            }
            // 加载工具列表（MCP工具配置已移到MCP管理页面）
            // 使用异步加载，避免阻塞页面渲染
            if (typeof loadToolsList === 'function') {
                // 确保工具分页设置已初始化
                if (typeof getToolsPageSize === 'function' && typeof toolsPagination !== 'undefined') {
                    toolsPagination.pageSize = getToolsPageSize();
                }
-                loadToolsList(1, '');
+                // 延迟加载，让页面先渲染
                setTimeout(() => {
                    loadToolsList(1, '').catch(err => {
                        console.error('加载工具列表失败:', err);
                    });
                }, 100);
            }
            break;
        case 'vulnerabilities':
@@ -341,7 +361,7 @@ document.addEventListener('DOMContentLoaded', function() {
        const hashParts = hash.split('?');
        const pageId = hashParts[0];
-        if (pageId && ['chat', 'tasks', 'vulnerabilities', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'settings'].includes(pageId)) {
+        if (pageId && ['chat', 'info-collect', 'tasks', 'vulnerabilities', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'settings'].includes(pageId)) {
            switchPage(pageId);
            // 如果是chat页面且带有conversation参数，加载对应对话
@@ -102,6 +102,15 @@ async function loadConfig(loadTools = true) {
        document.getElementById('openai-api-key').value = currentConfig.openai.api_key || '';
        document.getElementById('openai-base-url').value = currentConfig.openai.base_url || '';
        document.getElementById('openai-model').value = currentConfig.openai.model || '';
        // 填充FOFA配置
        const fofa = currentConfig.fofa || {};
        const fofaEmailEl = document.getElementById('fofa-email');
        const fofaKeyEl = document.getElementById('fofa-api-key');
        const fofaBaseUrlEl = document.getElementById('fofa-base-url');
        if (fofaEmailEl) fofaEmailEl.value = fofa.email || '';
        if (fofaKeyEl) fofaKeyEl.value = fofa.api_key || '';
        if (fofaBaseUrlEl) fofaBaseUrlEl.value = fofa.base_url || '';
        // 填充Agent配置
        document.getElementById('agent-max-iterations').value = currentConfig.agent.max_iterations || 30;
@@ -183,6 +192,14 @@ let toolsSearchKeyword = '';
 // 加载工具列表（分页）
 async function loadToolsList(page = 1, searchKeyword = '') {
    const toolsList = document.getElementById('tools-list');
    // 显示加载状态
    if (toolsList) {
        // 清空整个容器，包括可能存在的分页控件
        toolsList.innerHTML = '<div class="tools-list-items"><div class="loading" style="padding: 20px; text-align: center; color: var(--text-muted);">⏳ 正在加载工具列表...</div></div>';
    }
    try {
        // 在加载新页面之前，先保存当前页的状态到全局映射
        saveCurrentPageToolStates();
@@ -193,7 +210,15 @@ async function loadToolsList(page = 1, searchKeyword = '') {
            url += `&search=${encodeURIComponent(searchKeyword)}`;
        }
-        const response = await apiFetch(url);
+        // 使用较短的超时时间（10秒），避免长时间等待
        const controller = new AbortController();
        const timeoutId = setTimeout(() => controller.abort(), 10000);
        const response = await apiFetch(url, {
            signal: controller.signal
        });
        clearTimeout(timeoutId);
        if (!response.ok) {
            throw new Error('获取工具列表失败');
        }
@@ -224,9 +249,12 @@ async function loadToolsList(page = 1, searchKeyword = '') {
        renderToolsPagination();
    } catch (error) {
        console.error('加载工具列表失败:', error);
        const toolsList = document.getElementById('tools-list');
        if (toolsList) {
-            toolsList.innerHTML = `<div class="error">加载工具列表失败: ${escapeHtml(error.message)}</div>`;
+            const isTimeout = error.name === 'AbortError' || error.message.includes('timeout');
            const errorMsg = isTimeout 
                ? '加载工具列表超时，可能是外部MCP连接较慢。请点击"刷新"按钮重试，或检查外部MCP连接状态。'
                : `加载工具列表失败: ${escapeHtml(error.message)}`;
            toolsList.innerHTML = `<div class="error" style="padding: 20px; text-align: center;">${errorMsg}</div>`;
        }
    }
 }
@@ -281,9 +309,21 @@ function renderToolsList() {
    const toolsList = document.getElementById('tools-list');
    if (!toolsList) return;
-    // 只渲染列表部分，分页控件单独渲染
+    // 移除可能存在的分页控件（会在 renderToolsPagination 中重新添加）
-    const listContainer = toolsList.querySelector('.tools-list-items') || document.createElement('div');
+    const oldPagination = toolsList.querySelector('.tools-pagination');
-    listContainer.className = 'tools-list-items';
+    if (oldPagination) {
        oldPagination.remove();
    }
    // 获取或创建列表容器
    let listContainer = toolsList.querySelector('.tools-list-items');
    if (!listContainer) {
        listContainer = document.createElement('div');
        listContainer.className = 'tools-list-items';
        toolsList.appendChild(listContainer);
    }
    // 清空列表容器内容（移除加载提示）
    listContainer.innerHTML = '';
    if (allTools.length === 0) {
@@ -662,6 +702,11 @@ async function applySettings() {
                base_url: baseUrl,
                model: model
            },
            fofa: {
                email: document.getElementById('fofa-email')?.value.trim() || '',
                api_key: document.getElementById('fofa-api-key')?.value.trim() || '',
                base_url: document.getElementById('fofa-base-url')?.value.trim() || ''
            },
            agent: {
                max_iterations: parseInt(document.getElementById('agent-max-iterations').value) || 30
            },
@@ -974,15 +1019,17 @@ async function changePassword() {
 let currentEditingMCPName = null;
-// 加载外部MCP列表
+// 拉取外部MCP列表数据（供轮询使用，返回 { servers, stats }）
 async function fetchExternalMCPs() {
    const response = await apiFetch('/api/external-mcp');
    if (!response.ok) throw new Error('获取外部MCP列表失败');
    return response.json();
 }
 // 加载外部MCP列表并渲染
 async function loadExternalMCPs() {
    try {
-        const response = await apiFetch('/api/external-mcp');
+        const data = await fetchExternalMCPs();
        if (!response.ok) {
            throw new Error('获取外部MCP列表失败');
        }
        const data = await response.json();
        renderExternalMCPList(data.servers || {});
        renderExternalMCPStats(data.stats || {});
    } catch (error) {
@@ -994,6 +1041,29 @@ async function loadExternalMCPs() {
    }
 }
 // 轮询列表直到指定 MCP 的工具数量已更新（每秒拉一次，拿到即停，无固定延迟）
 // name 为 null 时仅按 maxAttempts 次数轮询，不判断 tool_count
 async function pollExternalMCPToolCount(name, maxAttempts = 10) {
    const pollIntervalMs = 1000;
    for (let attempt = 0; attempt < maxAttempts; attempt++) {
        await new Promise(r => setTimeout(r, pollIntervalMs));
        try {
            const data = await fetchExternalMCPs();
            renderExternalMCPList(data.servers || {});
            renderExternalMCPStats(data.stats || {});
            if (name != null) {
                const server = data.servers && data.servers[name];
                if (server && server.tool_count > 0) break;
            }
        } catch (e) {
            console.warn('轮询工具数量失败:', e);
        }
    }
    if (typeof window !== 'undefined' && typeof window.refreshMentionTools === 'function') {
        window.refreshMentionTools();
    }
 }
 // 渲染外部MCP列表
 function renderExternalMCPList(servers) {
    const list = document.getElementById('external-mcp-list');
@@ -1350,10 +1420,11 @@ async function saveExternalMCP() {
        closeExternalMCPModal();
        await loadExternalMCPs();
        // 刷新对话界面的工具列表，使新添加的MCP工具立即可用
        if (typeof window !== 'undefined' && typeof window.refreshMentionTools === 'function') {
            window.refreshMentionTools();
        }
        // 轮询几次以拉取后端异步更新的工具数量（无固定延迟，拿到即停）
        pollExternalMCPToolCount(null, 5);
        alert('保存成功');
    } catch (error) {
        console.error('保存外部MCP失败:', error);
@@ -1427,12 +1498,12 @@ async function toggleExternalMCP(name, currentStatus) {
                    const status = statusData.status || 'disconnected';
                    if (status === 'connected') {
                        // 已经连接，立即刷新
                        await loadExternalMCPs();
                        // 刷新对话界面的工具列表
                        if (typeof window !== 'undefined' && typeof window.refreshMentionTools === 'function') {
                            window.refreshMentionTools();
                        }
                        // 轮询直到该 MCP 工具数量已更新（每秒拉一次，无固定延迟）
                        pollExternalMCPToolCount(name, 10);
                        return;
                    }
                }
@@ -1490,12 +1561,12 @@ async function pollExternalMCPStatus(name, maxAttempts = 30) {
                const button = document.getElementById(buttonId);
                if (status === 'connected') {
                    // 连接成功，刷新列表
                    await loadExternalMCPs();
                    // 刷新对话界面的工具列表
                    if (typeof window !== 'undefined' && typeof window.refreshMentionTools === 'function') {
                        window.refreshMentionTools();
                    }
                    // 轮询直到该 MCP 工具数量已更新（每秒拉一次，无固定延迟）
                    pollExternalMCPToolCount(name, 10);
                    return;
                } else if (status === 'error' || status === 'disconnected') {
                    // 连接失败，刷新列表并显示错误
@@ -24,7 +24,7 @@ function getSkillsPageSize() {
        const saved = localStorage.getItem('skillsPageSize');
        if (saved) {
            const size = parseInt(saved);
-            if ([20, 50, 100].includes(size)) {
+            if ([10, 20, 50, 100].includes(size)) {
                return size;
            }
        }
@@ -109,8 +109,8 @@ function renderSkillsList() {
            <div class="skill-card">
                <div class="skill-card-header">
                    <h3 class="skill-card-title">${escapeHtml(skill.name || '')}</h3>
                    <div class="skill-card-description">${escapeHtml(skill.description || '无描述')}</div>
                </div>
                <div class="skill-card-description">${escapeHtml(skill.description || '无描述')}</div>
                <div class="skill-card-actions">
                    <button class="btn-secondary btn-small" onclick="viewSkill('${escapeHtml(skill.name)}')">查看</button>
                    <button class="btn-secondary btn-small" onclick="editSkill('${escapeHtml(skill.name)}')">编辑</button>
@@ -161,6 +161,7 @@ function renderSkillsPagination() {
            <label class="pagination-page-size">
                每页显示
                <select id="skills-page-size-pagination" onchange="changeSkillsPageSize()">
                    <option value="10" ${pageSize === 10 ? 'selected' : ''}>10</option>
                    <option value="20" ${pageSize === 20 ? 'selected' : ''}>20</option>
                    <option value="50" ${pageSize === 50 ? 'selected' : ''}>50</option>
                    <option value="100" ${pageSize === 100 ? 'selected' : ''}>100</option>
@@ -516,20 +516,36 @@
            min-width: 150px;
        }
-        /* 参数名、类型、必需、示例列不换行 */
+        /* 参数名、类型、必需列不换行 */
        .api-params-table th:nth-child(1),
        .api-params-table td:nth-child(1),
        .api-params-table th:nth-child(2),
        .api-params-table td:nth-child(2),
        .api-params-table th:nth-child(4),
-        .api-params-table td:nth-child(4),
+        .api-params-table td:nth-child(4) {
        .api-params-table th:nth-child(5),
        .api-params-table td:nth-child(5) {
            white-space: nowrap;
            overflow: hidden;
            text-overflow: ellipsis;
        }
        /* 示例列允许换行，完整显示 */
        .api-params-table th:nth-child(5),
        .api-params-table td:nth-child(5) {
            white-space: normal;
            word-wrap: break-word;
            overflow-wrap: break-word;
            overflow: visible;
        }
        /* 确保示例列中的code标签也能完整显示 */
        .api-params-table td:nth-child(5) code {
            white-space: normal;
            word-wrap: break-word;
            overflow-wrap: break-word;
            display: inline-block;
            max-width: 100%;
        }
        /* 描述列允许换行，但保持水平方向 */
        .api-params-table th:nth-child(3),
        .api-params-table td:nth-child(3) {
@@ -674,6 +690,44 @@
            background: var(--bg-secondary);
        }
        /* 复制curl按钮 - 黄色主题 */
        .api-test-btn.copy-curl {
            background: #ffc107;
            color: white;
            border: 1px solid #ffb300;
        }
        .api-test-btn.copy-curl:hover {
            background: #ffb300;
            border-color: #ffa000;
            transform: translateY(-1px);
            box-shadow: 0 2px 8px rgba(255, 193, 7, 0.3);
        }
        .api-test-btn.copy-curl:active {
            transform: translateY(0);
            box-shadow: 0 1px 4px rgba(255, 193, 7, 0.2);
        }
        /* 清除结果按钮 - 红色/橙色主题 */
        .api-test-btn.clear-result {
            background: #ff6b6b;
            color: white;
            border: 1px solid #ff5252;
        }
        .api-test-btn.clear-result:hover {
            background: #ff5252;
            border-color: #ff4444;
            transform: translateY(-1px);
            box-shadow: 0 2px 8px rgba(255, 107, 107, 0.3);
        }
        .api-test-btn.clear-result:active {
            transform: translateY(0);
            box-shadow: 0 1px 4px rgba(255, 107, 107, 0.2);
        }
        .api-test-result {
            margin-top: 20px;
            padding: 16px;
@@ -11,7 +11,7 @@
 <body>
    <div id="login-overlay" class="login-overlay" style="display: none;">
        <div class="login-card">
-            <div class="login-header">
+            <div class="login-brand">
                <h2>登录 CyberStrikeAI</h2>
                <p class="login-subtitle">请输入配置中的访问密码</p>
            </div>
@@ -21,7 +21,9 @@
                    <input type="password" id="login-password" placeholder="输入登录密码" required autocomplete="current-password" />
                </div>
                <div id="login-error" class="login-error" role="alert" style="display: none;"></div>
-                <button type="submit" class="btn-primary login-submit">登录</button>
+                <button type="submit" class="btn-primary login-submit">
                    <span>登录</span>
                </button>
            </form>
        </div>
    </div>
@@ -29,12 +31,12 @@
    <div class="container">
        <header>
            <div class="header-content">
-                <div class="logo">
+                <div class="logo header-logo-link" onclick="switchPage('dashboard')" role="button" title="返回仪表盘">
                    <img src="/static/logo.png" alt="CyberStrikeAI Logo" style="width: 32px; height: 32px; margin-right: 8px;">
                    <h1>CyberStrikeAI</h1>
                    <span class="version-badge" title="当前版本">{{.Version}}</span>
                </div>
                <div class="header-right">
                    <p class="header-subtitle">AI 驱动的自动化安全测试平台</p>
                    <div class="header-actions">
                        <button class="openapi-doc-btn" onclick="window.open('/api-docs', '_blank')" title="OpenAPI 文档">
                            <span>API 文档</span>
@@ -71,6 +73,17 @@
                    </svg>
                </div>
                <nav class="main-sidebar-nav">
                    <div class="nav-item" data-page="dashboard">
                        <div class="nav-item-content" data-title="仪表盘" onclick="switchPage('dashboard')">
                            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
                                <rect x="3" y="3" width="7" height="9"></rect>
                                <rect x="14" y="3" width="7" height="5"></rect>
                                <rect x="14" y="12" width="7" height="9"></rect>
                                <rect x="3" y="16" width="7" height="5"></rect>
                            </svg>
                            <span>仪表盘</span>
                        </div>
                    </div>
                    <div class="nav-item" data-page="chat">
                        <div class="nav-item-content" data-title="对话" onclick="switchPage('chat')">
                            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
@@ -79,6 +92,15 @@
                            <span>对话</span>
                        </div>
                    </div>
                    <div class="nav-item" data-page="info-collect">
                        <div class="nav-item-content" data-title="信息收集" onclick="switchPage('info-collect')">
                            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
                                <circle cx="11" cy="11" r="8"></circle>
                                <line x1="21" y1="21" x2="16.65" y2="16.65"></line>
                            </svg>
                            <span>信息收集</span>
                        </div>
                    </div>
                    <div class="nav-item" data-page="tasks">
                        <div class="nav-item-content" data-title="任务管理" onclick="switchPage('tasks')">
                            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
@@ -192,8 +214,175 @@
            <!-- 内容区域 -->
            <div class="content-area">
                <!-- 仪表盘页面 -->
                <div id="page-dashboard" class="page active">
                    <div class="dashboard-page">
                        <div class="page-header">
                            <h2>仪表盘</h2>
                            <div class="page-header-actions">
                                <button class="btn-secondary" onclick="refreshDashboard()" title="刷新数据">刷新</button>
                            </div>
                        </div>
                        <div class="dashboard-content">
                            <!-- 第一行：核心 KPI（仪表盘最佳实践：关键指标置顶） -->
                            <div class="dashboard-kpi-row" id="dashboard-cards">
                                <div class="dashboard-kpi-card" role="button" tabindex="0" onclick="switchPage('tasks')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('tasks'); }" title="点击查看任务管理"> <div class="dashboard-kpi-value" id="dashboard-running-tasks">-</div><div class="dashboard-kpi-label">运行中任务</div></div>
                                <div class="dashboard-kpi-card" role="button" tabindex="0" onclick="switchPage('vulnerabilities')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('vulnerabilities'); }" title="点击查看漏洞管理"><div class="dashboard-kpi-value" id="dashboard-vuln-total">-</div><div class="dashboard-kpi-label">漏洞总数</div></div>
                                <div class="dashboard-kpi-card" role="button" tabindex="0" onclick="switchPage('mcp-monitor')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('mcp-monitor'); }" title="点击查看 MCP 监控"><div class="dashboard-kpi-value" id="dashboard-kpi-tools-calls">-</div><div class="dashboard-kpi-label">工具调用次数</div></div>
                                <div class="dashboard-kpi-card" role="button" tabindex="0" onclick="switchPage('mcp-monitor')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('mcp-monitor'); }" title="点击查看 MCP 监控"><div class="dashboard-kpi-value" id="dashboard-kpi-success-rate">-</div><div class="dashboard-kpi-label">工具执行成功率</div></div>
                            </div>
                            <!-- 两列主内容区 -->
                            <div class="dashboard-grid">
                                <div class="dashboard-main">
                                    <section class="dashboard-section dashboard-section-chart">
                                        <h3 class="dashboard-section-title">漏洞严重程度分布</h3>
                                        <div class="dashboard-chart-wrap">
                                            <div class="dashboard-stacked-bar" id="dashboard-stacked-bar">
                                                <span class="dashboard-bar-seg seg-critical" id="dashboard-bar-critical" style="width: 0%"></span>
                                                <span class="dashboard-bar-seg seg-high" id="dashboard-bar-high" style="width: 0%"></span>
                                                <span class="dashboard-bar-seg seg-medium" id="dashboard-bar-medium" style="width: 0%"></span>
                                                <span class="dashboard-bar-seg seg-low" id="dashboard-bar-low" style="width: 0%"></span>
                                                <span class="dashboard-bar-seg seg-info" id="dashboard-bar-info" style="width: 0%"></span>
                                            </div>
                                            <div class="dashboard-legend" id="dashboard-vuln-bars">
                                                <div class="dashboard-legend-item"><span class="dashboard-legend-dot critical"></span><span class="dashboard-legend-label">严重</span><span class="dashboard-legend-value" id="dashboard-severity-critical">0</span></div>
                                                <div class="dashboard-legend-item"><span class="dashboard-legend-dot high"></span><span class="dashboard-legend-label">高危</span><span class="dashboard-legend-value" id="dashboard-severity-high">0</span></div>
                                                <div class="dashboard-legend-item"><span class="dashboard-legend-dot medium"></span><span class="dashboard-legend-label">中危</span><span class="dashboard-legend-value" id="dashboard-severity-medium">0</span></div>
                                                <div class="dashboard-legend-item"><span class="dashboard-legend-dot low"></span><span class="dashboard-legend-label">低危</span><span class="dashboard-legend-value" id="dashboard-severity-low">0</span></div>
                                                <div class="dashboard-legend-item"><span class="dashboard-legend-dot info"></span><span class="dashboard-legend-label">信息</span><span class="dashboard-legend-value" id="dashboard-severity-info">0</span></div>
                                            </div>
                                        </div>
                                    </section>
                                    <section class="dashboard-section dashboard-section-overview">
                                        <h3 class="dashboard-section-title">运行概览</h3>
                                        <div class="dashboard-overview-list">
                                            <div class="dashboard-overview-item dashboard-overview-item-batch" role="button" tabindex="0" onclick="switchPage('tasks')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('tasks'); }">
                                                <span class="dashboard-overview-icon dashboard-overview-icon-batch" aria-hidden="true"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/></svg></span>
                                                <div class="dashboard-overview-content">
                                                    <div class="dashboard-overview-header">
                                                        <span class="dashboard-overview-label">批量任务队列</span>
                                                        <span class="dashboard-overview-total" id="dashboard-batch-total">-</span>
                                                    </div>
                                                    <div class="dashboard-overview-stats">
                                                        <span class="dashboard-overview-stat dashboard-overview-stat-pending">
                                                            <span class="dashboard-overview-stat-badge badge-pending"></span>
                                                            <span class="dashboard-overview-stat-value" id="dashboard-batch-pending">-</span>
                                                            <span class="dashboard-overview-stat-label">待执行</span>
                                                        </span>
                                                        <span class="dashboard-overview-stat dashboard-overview-stat-running">
                                                            <span class="dashboard-overview-stat-badge badge-running"></span>
                                                            <span class="dashboard-overview-stat-value" id="dashboard-batch-running">-</span>
                                                            <span class="dashboard-overview-stat-label">执行中</span>
                                                        </span>
                                                        <span class="dashboard-overview-stat dashboard-overview-stat-done">
                                                            <span class="dashboard-overview-stat-badge badge-done"></span>
                                                            <span class="dashboard-overview-stat-value" id="dashboard-batch-done">-</span>
                                                            <span class="dashboard-overview-stat-label">已完成</span>
                                                        </span>
                                                    </div>
                                                    <div class="dashboard-overview-progress">
                                                        <div class="dashboard-overview-progress-bar">
                                                            <div class="dashboard-overview-progress-segment dashboard-overview-progress-pending" id="dashboard-batch-progress-pending" style="width: 0%"></div>
                                                            <div class="dashboard-overview-progress-segment dashboard-overview-progress-running" id="dashboard-batch-progress-running" style="width: 0%"></div>
                                                            <div class="dashboard-overview-progress-segment dashboard-overview-progress-done" id="dashboard-batch-progress-done" style="width: 0%"></div>
                                                        </div>
                                                    </div>
                                                </div>
                                            </div>
                                            <div class="dashboard-overview-item dashboard-overview-item-tools" role="button" tabindex="0" onclick="switchPage('mcp-monitor')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('mcp-monitor'); }">
                                                <span class="dashboard-overview-icon dashboard-overview-icon-tools" aria-hidden="true"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z"/></svg></span>
                                                <div class="dashboard-overview-content">
                                                    <div class="dashboard-overview-header">
                                                        <span class="dashboard-overview-label">工具调用</span>
                                                        <span class="dashboard-overview-success-rate" id="dashboard-tools-success-rate">-</span>
                                                    </div>
                                                    <div class="dashboard-overview-value-group">
                                                        <span class="dashboard-overview-value-large" id="dashboard-tools-calls">-</span>
                                                        <span class="dashboard-overview-value-unit">次调用</span>
                                                        <span class="dashboard-overview-value-separator">·</span>
                                                        <span class="dashboard-overview-value-normal" id="dashboard-tools-count">-</span>
                                                        <span class="dashboard-overview-value-unit">个工具</span>
                                                    </div>
                                                </div>
                                            </div>
                                            <div class="dashboard-overview-item dashboard-overview-item-knowledge" role="button" tabindex="0" onclick="switchPage('knowledge-management')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('knowledge-management'); }">
                                                <span class="dashboard-overview-icon dashboard-overview-icon-knowledge" aria-hidden="true"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M4 19.5A2.5 2.5 0 0 1 6.5 17H20"></path><path d="M6.5 2H20v20H6.5A2.5 2.5 0 0 1 4 19.5v-15A2.5 2.5 0 0 1 6.5 2z"></path></svg></span>
                                                <div class="dashboard-overview-content">
                                                    <div class="dashboard-overview-header">
                                                        <span class="dashboard-overview-label">知识</span>
                                                        <span class="dashboard-overview-status" id="dashboard-knowledge-status">-</span>
                                                    </div>
                                                    <div class="dashboard-overview-value-group">
                                                        <span class="dashboard-overview-value-large" id="dashboard-knowledge-items">-</span>
                                                        <span class="dashboard-overview-value-unit">项知识</span>
                                                        <span class="dashboard-overview-value-separator">·</span>
                                                        <span class="dashboard-overview-value-normal" id="dashboard-knowledge-categories">-</span>
                                                        <span class="dashboard-overview-value-unit">个分类</span>
                                                    </div>
                                                </div>
                                            </div>
                                            <div class="dashboard-overview-item dashboard-overview-item-skills" role="button" tabindex="0" onclick="switchPage('skills-monitor')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('skills-monitor'); }">
                                                <span class="dashboard-overview-icon dashboard-overview-icon-skills" aria-hidden="true"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/><line x1="16" y1="13" x2="8" y2="13"/><line x1="16" y1="17" x2="8" y2="17"/></svg></span>
                                                <div class="dashboard-overview-content">
                                                    <div class="dashboard-overview-header">
                                                        <span class="dashboard-overview-label">Skills</span>
                                                        <span class="dashboard-overview-status" id="dashboard-skills-status">-</span>
                                                    </div>
                                                    <div class="dashboard-overview-value-group">
                                                        <span class="dashboard-overview-value-large" id="dashboard-skills-calls">-</span>
                                                        <span class="dashboard-overview-value-unit">次调用</span>
                                                        <span class="dashboard-overview-value-separator">·</span>
                                                        <span class="dashboard-overview-value-normal" id="dashboard-skills-count">-</span>
                                                        <span class="dashboard-overview-value-unit">个 Skill</span>
                                                    </div>
                                                </div>
                                            </div>
                                        </div>
                                    </section>
                                    <section class="dashboard-section dashboard-section-quick dashboard-quick-inline">
                                        <h3 class="dashboard-section-title">快捷入口</h3>
                                        <div class="dashboard-quick-links dashboard-quick-links-row">
                                            <a class="dashboard-quick-link" onclick="switchPage('chat')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z"></path></svg></span><span>对话</span></a>
                                            <a class="dashboard-quick-link" onclick="switchPage('tasks')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M9 11l3 3L22 4"></path><path d="M21 12v7a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11"></path></svg></span><span>任务管理</span></a>
                                            <a class="dashboard-quick-link" onclick="switchPage('vulnerabilities')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"></path></svg></span><span>漏洞管理</span></a>
                                            <a class="dashboard-quick-link" onclick="switchPage('mcp-management')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M13 2L3 14h9l-1 8 10-12h-9l1-8z"></path></svg></span><span>MCP 管理</span></a>
                                            <a class="dashboard-quick-link" onclick="switchPage('knowledge-management')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M2 3h6a4 4 0 0 1 4 4v14a3 3 0 0 0-3-3H2z"></path><path d="M22 3h-6a4 4 0 0 0-4 4v14a3 3 0 0 1 3-3h7z"></path></svg></span><span>知识管理</span></a>
                                            <a class="dashboard-quick-link" onclick="switchPage('skills-management')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M14.5 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V7.5L14.5 2z"></path><polyline points="14 2 14 8 20 8"></polyline></svg></span><span>Skills 管理</span></a>
                                            <a class="dashboard-quick-link" onclick="switchPage('roles-management')"><span class="dashboard-quick-icon"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"></path><circle cx="9" cy="7" r="4"></circle><path d="M23 21v-2a4 4 0 0 0-3-3.87"></path><path d="M16 3.13a4 4 0 0 1 0 7.75"></path></svg></span><span>角色管理</span></a>
                                        </div>
                                    </section>
                                </div>
                                <div class="dashboard-side">
                                    <section class="dashboard-section dashboard-section-tools">
                                        <h3 class="dashboard-section-title">工具执行次数</h3>
                                        <div class="dashboard-tools-chart-wrap">
                                            <div class="dashboard-tools-chart-placeholder" id="dashboard-tools-pie-placeholder">暂无数据</div>
                                            <div class="dashboard-tools-bar-chart" id="dashboard-tools-bar-chart"></div>
                                        </div>
                                    </section>
                                </div>
                            </div>
                            <div class="dashboard-cta-block">
                                <div class="dashboard-cta-content">
                                    <div class="dashboard-cta-icon" aria-hidden="true">
                                        <svg width="28" height="28" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.75" stroke-linecap="round" stroke-linejoin="round"><path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z"></path></svg>
                                    </div>
                                    <div class="dashboard-cta-copy">
                                        <p class="dashboard-cta-text">开始你的安全之旅</p>
                                        <p class="dashboard-cta-sub">在对话中描述目标，AI 将协助执行扫描与漏洞分析</p>
                                    </div>
                                </div>
                                <button class="dashboard-cta-btn" onclick="switchPage('chat')">
                                    <span>前往对话</span>
                                    <span class="dashboard-cta-btn-arrow" aria-hidden="true"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5"><path d="M5 12h14M12 5l7 7-7 7"/></svg></span>
                                </button>
                            </div>
                        </div>
                    </div>
                </div>
                <!-- 对话页面 -->
-                <div id="page-chat" class="page active">
+                <div id="page-chat" class="page">
                    <div class="chat-page-layout">
                        <!-- 历史对话侧边栏 -->
                        <aside class="conversation-sidebar">
@@ -544,6 +733,96 @@
                    </div>
                </div>
                <!-- 信息收集页面 -->
                <div id="page-info-collect" class="page">
                    <div class="page-header">
                        <h2>信息收集</h2>
                        <div class="page-header-actions">
                            <button class="btn-secondary" onclick="resetFofaForm()">重置</button>
                            <button class="btn-primary" onclick="submitFofaSearch()">确定</button>
                        </div>
                    </div>
                    <div class="page-content">
                        <div class="info-collect-panel">
                            <div class="info-collect-form">
                                <div class="form-group">
                                    <label for="fofa-query">FOFA 查询语法</label>
                                    <textarea id="fofa-query" class="info-collect-query-input" rows="1" placeholder='例如：app="Apache" && country="CN"'></textarea>
                                    <small class="form-hint">查询语法参考 FOFA 文档，支持 && / || / () 等。</small>
                                    <div class="info-collect-presets" aria-label="FOFA 查询示例">
                                        <button class="preset-chip" type="button" onclick="applyFofaQueryPreset('app=&quot;Apache&quot; &amp;&amp; country=&quot;CN&quot;')" title="填入示例">Apache + 中国</button>
                                        <button class="preset-chip" type="button" onclick="applyFofaQueryPreset('title=&quot;登录&quot; &amp;&amp; country=&quot;CN&quot;')" title="填入示例">登录页 + 中国</button>
                                        <button class="preset-chip" type="button" onclick="applyFofaQueryPreset('domain=&quot;example.com&quot;')" title="填入示例">指定域名</button>
                                        <button class="preset-chip" type="button" onclick="applyFofaQueryPreset('ip=&quot;1.1.1.1&quot;')" title="填入示例">指定 IP</button>
                                    </div>
                                </div>
                                <div class="info-collect-form-row">
                                    <div class="form-group">
                                        <label for="fofa-size">返回数量</label>
                                        <input type="number" id="fofa-size" min="1" max="10000" value="100" />
                                    </div>
                                    <div class="form-group">
                                        <label for="fofa-page">页码</label>
                                        <input type="number" id="fofa-page" min="1" value="1" />
                                    </div>
                                    <div class="form-group">
                                        <label class="checkbox-label" style="margin-top: 24px;">
                                            <input type="checkbox" id="fofa-full" class="modern-checkbox" />
                                            <span class="checkbox-custom"></span>
                                            <span class="checkbox-text">full</span>
                                        </label>
                                    </div>
                                </div>
                                <div class="form-group">
                                    <label for="fofa-fields">返回字段名（逗号分隔）</label>
                                    <input type="text" id="fofa-fields" value="host,ip,port,domain,title,protocol,country,province,city,server" />
                                    <div class="info-collect-presets" aria-label="FOFA 字段模板">
                                        <button class="preset-chip" type="button" onclick="applyFofaFieldsPreset('host,ip,port,domain')" title="适合快速导出目标">最小字段</button>
                                        <button class="preset-chip" type="button" onclick="applyFofaFieldsPreset('host,title,ip,port,domain,protocol,server,icp,country,province,city')" title="适合浏览和筛选">Web 常用</button>
                                        <button class="preset-chip" type="button" onclick="applyFofaFieldsPreset('host,ip,port,domain,title,protocol,country,province,city,server,as_number,as_organization,icp,header,banner')" title="更偏指纹/情报">情报增强</button>
                                    </div>
                                </div>
                            </div>
                        </div>
                        <div class="info-collect-results">
                            <div class="info-collect-results-header">
                                <div class="info-collect-results-header-left">
                                    <div class="info-collect-results-title">查询结果</div>
                                    <div class="info-collect-results-meta" id="fofa-results-meta">-</div>
                                </div>
                                <div class="info-collect-results-toolbar" aria-label="结果工具条">
                                    <div class="info-collect-selected" id="fofa-selected-meta">已选择 0 条</div>
                                    <button class="btn-secondary btn-small" type="button" onclick="toggleFofaColumnsPanel()" title="显示/隐藏字段">列</button>
                                    <button class="btn-secondary btn-small" type="button" onclick="exportFofaResults('csv')" title="导出当前结果为 CSV">导出 CSV</button>
                                    <button class="btn-secondary btn-small" type="button" onclick="exportFofaResults('json')" title="导出当前结果为 JSON">导出 JSON</button>
                                    <button class="btn-primary btn-small" type="button" onclick="batchScanSelectedFofaRows()" title="将所选行创建为批量任务队列">批量扫描</button>
                                </div>
                            </div>
                            <div class="info-collect-results-table-wrap">
                                <!-- 字段显示/隐藏面板 -->
                                <div id="fofa-columns-panel" class="info-collect-columns-panel" style="display: none;">
                                    <div class="info-collect-columns-panel-header">
                                        <div class="info-collect-columns-title">显示字段</div>
                                        <div class="info-collect-columns-actions">
                                            <button class="btn-secondary btn-small" type="button" onclick="showAllFofaColumns()">全选</button>
                                            <button class="btn-secondary btn-small" type="button" onclick="hideAllFofaColumns()">全不选</button>
                                            <button class="btn-secondary btn-small" type="button" onclick="closeFofaColumnsPanel()">关闭</button>
                                        </div>
                                    </div>
                                    <div id="fofa-columns-list" class="info-collect-columns-list"></div>
                                </div>
                                <table class="info-collect-table">
                                    <thead id="fofa-results-thead"></thead>
                                    <tbody id="fofa-results-tbody">
                                        <tr><td class="muted" style="padding: 16px;">暂无数据</td></tr>
                                    </tbody>
                                </table>
                            </div>
                        </div>
                    </div>
                </div>
                <!-- 漏洞管理页面 -->
                <div id="page-vulnerabilities" class="page">
                    <div class="page-header">
@@ -806,6 +1085,27 @@
                                    </div>
                                </div>
                                <!-- FOFA配置 -->
                                <div class="settings-subsection">
                                    <h4>FOFA 配置</h4>
                                    <div class="settings-form">
                                        <div class="form-group">
                                            <label for="fofa-base-url">Base URL</label>
                                            <input type="text" id="fofa-base-url" placeholder="https://fofa.info/api/v1/search/all（可选）" />
                                            <small class="form-hint">留空则使用默认地址。</small>
                                        </div>
                                        <div class="form-group">
                                            <label for="fofa-email">Email</label>
                                            <input type="text" id="fofa-email" placeholder="输入 FOFA 账号邮箱" autocomplete="off" />
                                        </div>
                                        <div class="form-group">
                                            <label for="fofa-api-key">API Key</label>
                                            <input type="password" id="fofa-api-key" placeholder="输入 FOFA API Key" autocomplete="off" />
                                            <small class="form-hint">仅保存在服务器配置中（`config.yaml`）。</small>
                                        </div>
                                    </div>
                                </div>
                                <!-- Agent配置 -->
                                <div class="settings-subsection">
                                    <h4>Agent 配置</h4>
@@ -1284,8 +1584,44 @@ version: 1.0.0<br>
            <div class="modal-body create-group-body">
                <p class="create-group-description">分组功能可将对话集中归类管理，让对话更加井然有序。</p>
                <div class="create-group-input-wrapper">
-                    <span class="group-icon-input">😊</span>
+                    <button type="button" class="group-icon-input" id="create-group-icon-btn" onclick="toggleGroupIconPicker()" title="点击选择图标">📁</button>
                    <input type="text" id="create-group-name-input" placeholder="请输入分组名称" />
                    <!-- Emoji选择器面板 -->
                    <div id="group-icon-picker" class="group-icon-picker" style="display: none;">
                        <div class="icon-picker-header">
                            <span>选择图标</span>
                            <div class="icon-picker-custom">
                                <input type="text" id="custom-icon-input" class="custom-icon-input" placeholder="自定义" maxlength="2" />
                                <button type="button" class="custom-icon-btn" onclick="applyCustomIcon()">确定</button>
                            </div>
                        </div>
                        <div class="icon-picker-grid">
                            <span class="icon-option" onclick="selectGroupIcon('📁')">📁</span>
                            <span class="icon-option" onclick="selectGroupIcon('🔒')">🔒</span>
                            <span class="icon-option" onclick="selectGroupIcon('🛡️')">🛡️</span>
                            <span class="icon-option" onclick="selectGroupIcon('⚔️')">⚔️</span>
                            <span class="icon-option" onclick="selectGroupIcon('🎯')">🎯</span>
                            <span class="icon-option" onclick="selectGroupIcon('🔍')">🔍</span>
                            <span class="icon-option" onclick="selectGroupIcon('💻')">💻</span>
                            <span class="icon-option" onclick="selectGroupIcon('🐛')">🐛</span>
                            <span class="icon-option" onclick="selectGroupIcon('🚀')">🚀</span>
                            <span class="icon-option" onclick="selectGroupIcon('⚡')">⚡</span>
                            <span class="icon-option" onclick="selectGroupIcon('🔥')">🔥</span>
                            <span class="icon-option" onclick="selectGroupIcon('💡')">💡</span>
                            <span class="icon-option" onclick="selectGroupIcon('🎮')">🎮</span>
                            <span class="icon-option" onclick="selectGroupIcon('🏴‍☠️')">🏴‍☠️</span>
                            <span class="icon-option" onclick="selectGroupIcon('🕵️')">🕵️</span>
                            <span class="icon-option" onclick="selectGroupIcon('🔑')">🔑</span>
                            <span class="icon-option" onclick="selectGroupIcon('📡')">📡</span>
                            <span class="icon-option" onclick="selectGroupIcon('🌐')">🌐</span>
                            <span class="icon-option" onclick="selectGroupIcon('📊')">📊</span>
                            <span class="icon-option" onclick="selectGroupIcon('📝')">📝</span>
                            <span class="icon-option" onclick="selectGroupIcon('🗂️')">🗂️</span>
                            <span class="icon-option" onclick="selectGroupIcon('📌')">📌</span>
                            <span class="icon-option" onclick="selectGroupIcon('⭐')">⭐</span>
                            <span class="icon-option" onclick="selectGroupIcon('💎')">💎</span>
                        </div>
                    </div>
                </div>
                <div class="create-group-suggestions">
                    <div class="suggestion-tag" onclick="selectSuggestion('渗透测试')">渗透测试</div>
@@ -1664,7 +2000,9 @@ version: 1.0.0<br>
    <script src="/static/js/builtin-tools.js"></script>
    <script src="/static/js/auth.js"></script>
    <script src="/static/js/info-collect.js"></script>
    <script src="/static/js/router.js"></script>
    <script src="/static/js/dashboard.js"></script>
    <script src="/static/js/monitor.js"></script>
    <script src="/static/js/chat.js"></script>
    <script src="/static/js/settings.js"></script>
Author	SHA1	Message	Date
公明	665b1d553a	Update config.yaml	2026-02-20 16:53:21 +08:00
公明	fd3a52af01	Add files via upload	2026-02-20 16:40:59 +08:00
公明	8368ee7712	Add FOFA API configuration to config.yaml Add optional FOFA configuration for information collection.	2026-02-20 16:18:53 +08:00
公明	dd883677b8	Add files via upload	2026-02-20 16:16:48 +08:00
公明	2edd5ffe95	Update README_CN.md	2026-02-11 10:31:40 +08:00
公明	ae588dbfe4	Update README.md	2026-02-11 10:29:54 +08:00
公明	93be113a79	Add files via upload	2026-02-11 01:01:56 +08:00
公明	d3fb14f72d	Update requirements.txt	2026-02-11 00:57:56 +08:00
公明	af715e23cb	Add files via upload	2026-02-11 00:50:39 +08:00
公明	3aecdc275f	Add files via upload	2026-02-11 00:44:12 +08:00
公明	660d95a787	Add files via upload	2026-02-11 00:20:50 +08:00
公明	01271fd8eb	Add files via upload	2026-02-10 23:48:27 +08:00
公明	8c6e044f84	Add files via upload	2026-02-10 23:37:43 +08:00
公明	cb2defd0cc	Add files via upload	2026-02-09 20:10:59 +08:00
公明	88ab73e422	Add files via upload	2026-02-09 20:10:37 +08:00
公明	5404d95db7	Update config.yaml	2026-02-09 19:44:11 +08:00
公明	32d0e98cfb	Add files via upload	2026-02-09 19:36:57 +08:00
公明	e4b1e10a42	Add files via upload	2026-02-09 19:26:57 +08:00
公明	870715fc8f	Add files via upload	2026-02-09 19:20:43 +08:00
公明	772a04b715	Add files via upload	2026-02-09 19:15:04 +08:00
公明	2455bde7ab	Update requirements.txt	2026-02-09 13:33:30 +08:00
公明	dbdfc18d57	Delete tools/list-files.yaml	2026-02-09 10:43:54 +08:00
公明	82daad3b56	Update config.yaml	2026-02-09 00:15:56 +08:00
公明	9eee820096	Add files via upload	2026-02-09 00:07:25 +08:00
公明	fae912b79c	Add files via upload	2026-02-09 00:01:33 +08:00
公明	9b48daf795	Add files via upload	2026-02-08 23:57:46 +08:00
公明	bfbb8b31d3	Add files via upload	2026-02-08 23:43:46 +08:00
公明	8b2dfea884	Add files via upload	2026-02-08 23:38:57 +08:00
公明	7447e82c39	Add files via upload	2026-02-08 23:15:43 +08:00
公明	44b8d0b427	Add files via upload	2026-02-08 22:01:56 +08:00
公明	3a26d77c94	Update config.yaml	2026-02-08 21:29:08 +08:00
公明	0be6746794	Add files via upload	2026-02-08 21:28:20 +08:00
公明	06bfed508a	Update requirements.txt	2026-02-08 20:56:15 +08:00
公明	0d617ebd66	Add files via upload	2026-02-08 20:46:51 +08:00
公明	9a52ec25ea	Add files via upload	2026-02-08 20:40:50 +08:00
公明	594b7676e1	Add files via upload	2026-02-08 20:38:50 +08:00
公明	fd5d1dff10	Add files via upload	2026-02-08 20:20:43 +08:00
公明	b8218d9f77	Add tool description mode to security config Add tool description mode configuration options.	2026-02-08 20:11:04 +08:00
公明	7b7c689efd	Add files via upload	2026-02-08 20:09:23 +08:00
公明	27b16e0d54	Add files via upload	2026-02-07 00:04:59 +08:00
公明	2b6b678439	Add files via upload	2026-02-04 19:39:29 +08:00
公明	be104d1a05	Add files via upload	2026-02-04 19:37:46 +08:00
公明	f64bda3678	Add files via upload	2026-02-04 19:07:32 +08:00
公明	4b8dbb1bd6	Delete internal/mcp/client.go	2026-02-04 10:14:49 +08:00
公明	783d80ee37	Add files via upload	2026-02-04 02:00:52 +08:00
公明	a27c13b734	Add files via upload	2026-02-04 01:57:01 +08:00
公明	3cbf398636	Add files via upload	2026-02-04 01:39:11 +08:00
公明	84d54b1ea9	Add files via upload	2026-02-04 01:34:25 +08:00
公明	91230f273e	Add files via upload	2026-01-29 19:32:33 +08:00
公明	81fca5b2dd	Add files via upload	2026-01-29 19:19:38 +08:00
公明	01b6b226eb	Add files via upload	2026-01-28 23:58:57 +08:00
公明	efd7a0aadd	Add files via upload	2026-01-28 20:34:21 +08:00
公明	895061911c	Add files via upload	2026-01-28 20:19:02 +08:00