Update config.yaml

README.md

@@ -16,6 +16,17 @@
 
 </details>
 
+<details>
+<summary><strong>Sponsorship</strong> (click to expand)</summary>
+
+If CyberStrikeAI helps you, you can support the project via **WeChat Pay** or **Alipay**:
+
+<div align="center">
+  <img src="./images/sponsor-wechat-alipay-qr.jpg" alt="WeChat Pay and Alipay sponsorship QR codes" width="480">
+</div>
+
+</details>
+
 CyberStrikeAI is an **AI-native security testing platform** built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities. Through native MCP protocol and AI agents, it enables end-to-end automation from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization—delivering an auditable, traceable, and collaborative testing environment for security teams.
 
 

README_CN.md

@@ -15,6 +15,17 @@
 
 </details>
 
+<details>
+<summary><strong>赞助</strong>（点击展开）</summary>
+
+若 CyberStrikeAI 对您有帮助，可通过 **微信支付** 或 **支付宝** 赞助项目：
+
+<div align="center">
+  <img src="./images/sponsor-wechat-alipay-qr.jpg" alt="微信与支付宝赞助二维码" width="480">
+</div>
+
+</details>
+
 CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集成了 100+ 安全工具、智能编排引擎、角色化测试与预设安全测试角色、Skills 技能系统与专业测试技能，以及完整的测试生命周期管理能力。通过原生 MCP 协议与 AI 智能体，支持从对话指令到漏洞发现、攻击链分析、知识检索与结果可视化的全流程自动化，为安全团队提供可审计、可追溯、可协作的专业测试环境。
 
 

config.yaml

@@ -10,7 +10,7 @@
 # ============================================
 
 # 前端显示的版本号（可选，不填则显示默认版本）
-version: "v1.4.7"
+version: "v1.4.9"
 # 服务器配置
 server:
   host: 0.0.0.0 # 监听地址，0.0.0.0 表示监听所有网络接口

internal/app/app.go

@@ -664,6 +664,7 @@ func setupRoutes(
 		protected.GET("/messages/:id/process-details", conversationHandler.GetMessageProcessDetails)
 		protected.PUT("/conversations/:id", conversationHandler.UpdateConversation)
 		protected.DELETE("/conversations/:id", conversationHandler.DeleteConversation)
+		protected.POST("/conversations/:id/delete-turn", conversationHandler.DeleteConversationTurn)
 		protected.PUT("/conversations/:id/pinned", groupHandler.UpdateConversationPinned)
 
 		// 对话分组

internal/attackchain/builder.go

@@ -97,7 +97,8 @@ func (b *Builder) BuildChainFromConversation(ctx context.Context, conversationID
 		return &Chain{Nodes: []Node{}, Edges: []Edge{}}, nil
 	}
 
-	// 检查是否有实际的工具执行（通过检查assistant消息的mcp_execution_ids）
+	// 检查是否有实际的工具执行：assistant 的 mcp_execution_ids，或过程详情中的 tool_call/tool_result
+	//（多代理下若 MCP 未返回 execution_id，IDs 可能为空，但工具已通过 Eino 执行并写入 process_details）
 	hasToolExecutions := false
 	for i := len(messages) - 1; i >= 0; i-- {
 		if strings.EqualFold(messages[i].Role, "assistant") {
@@ -107,6 +108,13 @@ func (b *Builder) BuildChainFromConversation(ctx context.Context, conversationID
 			}
 		}
 	}
+	if !hasToolExecutions {
+		if pdOK, err := b.db.ConversationHasToolProcessDetails(conversationID); err != nil {
+			b.logger.Warn("查询过程详情判定工具执行失败", zap.Error(err))
+		} else if pdOK {
+			hasToolExecutions = true
+		}
+	}
 
 	// 检查任务是否被取消（通过检查最后一条assistant消息内容或process_details）
 	taskCancelled := false
@@ -204,6 +212,37 @@ func (b *Builder) BuildChainFromConversation(ctx context.Context, conversationID
 		}
 	}
 
+	// 多代理：保存的 last_react_input 可能仅为首轮用户消息，不含工具轨迹；补充最后一轮助手的过程详情（与单代理「最后一轮 ReAct」对齐）
+	hasMCPOnAssistant := false
+	var lastAssistantID string
+	for i := len(messages) - 1; i >= 0; i-- {
+		if strings.EqualFold(messages[i].Role, "assistant") {
+			lastAssistantID = messages[i].ID
+			if len(messages[i].MCPExecutionIDs) > 0 {
+				hasMCPOnAssistant = true
+			}
+			break
+		}
+	}
+	if lastAssistantID != "" {
+		pdHasTools, _ := b.db.ConversationHasToolProcessDetails(conversationID)
+		if pdHasTools && !(hasMCPOnAssistant && reactInputContainsToolTrace(reactInputJSON)) {
+			detailsMap, err := b.db.GetProcessDetailsByConversation(conversationID)
+			if err != nil {
+				b.logger.Warn("加载过程详情用于攻击链失败", zap.Error(err))
+			} else if dets := detailsMap[lastAssistantID]; len(dets) > 0 {
+				extra := b.formatProcessDetailsForAttackChain(dets)
+				if strings.TrimSpace(extra) != "" {
+					reactInputFinal = reactInputFinal + "\n\n## 执行过程与工具记录（含多代理编排与子任务）\n\n" + extra
+					b.logger.Info("攻击链输入已补充过程详情",
+						zap.String("conversationId", conversationID),
+						zap.String("messageId", lastAssistantID),
+						zap.Int("detailEvents", len(dets)))
+				}
+			}
+		}
+	}
+
 	// 3. 构建简化的prompt，一次性传递给大模型
 	prompt := b.buildSimplePrompt(reactInputFinal, modelOutput)
 	// fmt.Println(prompt)
@@ -240,6 +279,93 @@ func (b *Builder) BuildChainFromConversation(ctx context.Context, conversationID
 	return chainData, nil
 }
 
+// reactInputContainsToolTrace 判断保存的 ReAct JSON 是否包含可解析的工具调用轨迹（单代理完整保存时为 true）。
+func reactInputContainsToolTrace(reactInputJSON string) bool {
+	s := strings.TrimSpace(reactInputJSON)
+	if s == "" {
+		return false
+	}
+	return strings.Contains(s, "tool_calls") ||
+		strings.Contains(s, "tool_call_id") ||
+		strings.Contains(s, `"role":"tool"`) ||
+		strings.Contains(s, `"role": "tool"`)
+}
+
+// formatProcessDetailsForAttackChain 将最后一轮助手的过程详情格式化为攻击链分析的输入（覆盖多代理下 last_react_input 不完整的情况）。
+func (b *Builder) formatProcessDetailsForAttackChain(details []database.ProcessDetail) string {
+	if len(details) == 0 {
+		return ""
+	}
+	var sb strings.Builder
+	for _, d := range details {
+		// 目标：以主 agent（编排器）视角输出整轮迭代
+		// - 保留：编排器工具调用/结果、对子代理的 task 调度、子代理最终回复（不含推理）
+		// - 丢弃：thinking/planning/progress 等噪声、子代理的工具细节与推理过程
+		if d.EventType == "progress" || d.EventType == "thinking" || d.EventType == "planning" {
+			continue
+		}
+
+		// 解析 data（JSON string），用于识别 einoRole / toolName 等
+		var dataMap map[string]interface{}
+		if strings.TrimSpace(d.Data) != "" {
+			_ = json.Unmarshal([]byte(d.Data), &dataMap)
+		}
+		einoRole := ""
+		if v, ok := dataMap["einoRole"]; ok {
+			einoRole = strings.ToLower(strings.TrimSpace(fmt.Sprint(v)))
+		}
+		toolName := ""
+		if v, ok := dataMap["toolName"]; ok {
+			toolName = strings.TrimSpace(fmt.Sprint(v))
+		}
+
+		// 1) 编排器的工具调用/结果：保留（这是“主 agent 调了什么工具”）
+		if (d.EventType == "tool_call" || d.EventType == "tool_result" || d.EventType == "tool_calls_detected" || d.EventType == "iteration" || d.EventType == "eino_recovery") && einoRole == "orchestrator" {
+			sb.WriteString("[")
+			sb.WriteString(d.EventType)
+			sb.WriteString("] ")
+			sb.WriteString(strings.TrimSpace(d.Message))
+			sb.WriteString("\n")
+			if strings.TrimSpace(d.Data) != "" {
+				sb.WriteString(d.Data)
+				sb.WriteString("\n")
+			}
+			sb.WriteString("\n")
+			continue
+		}
+
+		// 2) 子代理调度：tool_call(toolName=="task") 代表编排器把子任务派发出去；保留（只需任务，不要子代理推理）
+		if d.EventType == "tool_call" && strings.EqualFold(toolName, "task") {
+			sb.WriteString("[dispatch_subagent_task] ")
+			sb.WriteString(strings.TrimSpace(d.Message))
+			sb.WriteString("\n")
+			if strings.TrimSpace(d.Data) != "" {
+				sb.WriteString(d.Data)
+				sb.WriteString("\n")
+			}
+			sb.WriteString("\n")
+			continue
+		}
+
+		// 3) 子代理最终回复：保留（只保留最终输出，不保留分析过程）
+		if d.EventType == "eino_agent_reply" && einoRole == "sub" {
+			sb.WriteString("[subagent_final_reply] ")
+			sb.WriteString(strings.TrimSpace(d.Message))
+			sb.WriteString("\n")
+			// data 里含 einoAgent 等元信息，保留有助于追踪“哪个子代理说的”
+			if strings.TrimSpace(d.Data) != "" {
+				sb.WriteString(d.Data)
+				sb.WriteString("\n")
+			}
+			sb.WriteString("\n")
+			continue
+		}
+
+		// 其他事件默认丢弃，避免把子代理工具细节/推理塞进 prompt，偏离“主 agent 一轮迭代”的视角。
+	}
+	return strings.TrimSpace(sb.String())
+}
+
 // buildReActInput 构建最后一轮ReAct的输入（历史消息+当前用户输入）
 func (b *Builder) buildReActInput(messages []database.Message) string {
 	var builder strings.Builder

internal/database/conversation.go

@@ -4,6 +4,7 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -457,6 +458,19 @@ func (db *DB) GetReActData(conversationID string) (reactInput, reactOutput strin
 	return reactInput, reactOutput, nil
 }
 
+// ConversationHasToolProcessDetails 对话是否存在已落库的工具调用/结果（用于多代理等场景下 MCP execution id 未汇总时的攻击链判定）。
+func (db *DB) ConversationHasToolProcessDetails(conversationID string) (bool, error) {
+	var n int
+	err := db.QueryRow(
+		`SELECT COUNT(*) FROM process_details WHERE conversation_id = ? AND event_type IN ('tool_call', 'tool_result')`,
+		conversationID,
+	).Scan(&n)
+	if err != nil {
+		return false, fmt.Errorf("查询过程详情失败: %w", err)
+	}
+	return n > 0, nil
+}
+
 // AddMessage 添加消息
 func (db *DB) AddMessage(conversationID, role, content string, mcpExecutionIDs []string) (*Message, error) {
 	id := uuid.New().String()
@@ -540,6 +554,102 @@ func (db *DB) GetMessages(conversationID string) ([]Message, error) {
 	return messages, nil
 }
 
+// turnSliceRange 根据任意一条消息 ID 定位「一轮对话」在 msgs 中的 [start, end) 下标区间（msgs 须已按时间升序，与 GetMessages 一致）。
+// 一轮 = 从某条 user 消息起，至下一条 user 之前（含中间所有 assistant）。
+func turnSliceRange(msgs []Message, anchorID string) (start, end int, err error) {
+	idx := -1
+	for i := range msgs {
+		if msgs[i].ID == anchorID {
+			idx = i
+			break
+		}
+	}
+	if idx < 0 {
+		return 0, 0, fmt.Errorf("message not found")
+	}
+	start = idx
+	for start > 0 && msgs[start].Role != "user" {
+		start--
+	}
+	if start < len(msgs) && msgs[start].Role != "user" {
+		start = 0
+	}
+	end = len(msgs)
+	for i := start + 1; i < len(msgs); i++ {
+		if msgs[i].Role == "user" {
+			end = i
+			break
+		}
+	}
+	return start, end, nil
+}
+
+// DeleteConversationTurn 删除锚点所在轮次的全部消息（用户提问 + 该轮助手回复等），并清空 last_react_*，避免与消息表不一致。
+func (db *DB) DeleteConversationTurn(conversationID, anchorMessageID string) (deletedIDs []string, err error) {
+	msgs, err := db.GetMessages(conversationID)
+	if err != nil {
+		return nil, err
+	}
+	start, end, err := turnSliceRange(msgs, anchorMessageID)
+	if err != nil {
+		return nil, err
+	}
+	if start >= end {
+		return nil, fmt.Errorf("empty turn range")
+	}
+	deletedIDs = make([]string, 0, end-start)
+	for i := start; i < end; i++ {
+		deletedIDs = append(deletedIDs, msgs[i].ID)
+	}
+
+	tx, err := db.Begin()
+	if err != nil {
+		return nil, fmt.Errorf("begin tx: %w", err)
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	ph := strings.Repeat("?,", len(deletedIDs))
+	ph = ph[:len(ph)-1]
+	args := make([]interface{}, 0, 1+len(deletedIDs))
+	args = append(args, conversationID)
+	for _, id := range deletedIDs {
+		args = append(args, id)
+	}
+	res, err := tx.Exec(
+		"DELETE FROM messages WHERE conversation_id = ? AND id IN ("+ph+")",
+		args...,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("delete messages: %w", err)
+	}
+	n, err := res.RowsAffected()
+	if err != nil {
+		return nil, err
+	}
+	if int(n) != len(deletedIDs) {
+		return nil, fmt.Errorf("deleted count mismatch")
+	}
+
+	_, err = tx.Exec(
+		`UPDATE conversations SET last_react_input = NULL, last_react_output = NULL, updated_at = ? WHERE id = ?`,
+		time.Now(), conversationID,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("clear react data: %w", err)
+	}
+
+	if err := tx.Commit(); err != nil {
+		return nil, fmt.Errorf("commit: %w", err)
+	}
+
+	db.logger.Info("conversation turn deleted",
+		zap.String("conversationId", conversationID),
+		zap.Strings("deletedMessageIds", deletedIDs),
+		zap.Int("count", len(deletedIDs)),
+	)
+	return deletedIDs, nil
+}
+
 // ProcessDetail 过程详情事件
 type ProcessDetail struct {
 	ID             string    `json:"id"`

internal/database/conversation_turn_test.go

@@ -0,0 +1,39 @@
+package database
+
+import (
+	"testing"
+)
+
+func TestTurnSliceRange(t *testing.T) {
+	mk := func(id, role string) Message {
+		return Message{ID: id, Role: role}
+	}
+	msgs := []Message{
+		mk("u1", "user"),
+		mk("a1", "assistant"),
+		mk("u2", "user"),
+		mk("a2", "assistant"),
+	}
+	cases := []struct {
+		anchor string
+		start  int
+		end    int
+	}{
+		{"u1", 0, 2},
+		{"a1", 0, 2},
+		{"u2", 2, 4},
+		{"a2", 2, 4},
+	}
+	for _, tc := range cases {
+		s, e, err := turnSliceRange(msgs, tc.anchor)
+		if err != nil {
+			t.Fatalf("anchor %s: %v", tc.anchor, err)
+		}
+		if s != tc.start || e != tc.end {
+			t.Fatalf("anchor %s: got [%d,%d) want [%d,%d)", tc.anchor, s, e, tc.start, tc.end)
+		}
+	}
+	if _, _, err := turnSliceRange(msgs, "nope"); err == nil {
+		t.Fatal("expected error for missing id")
+	}
+}

internal/handler/agent.go

@@ -1256,7 +1256,7 @@ func (h *AgentHandler) AgentLoopStream(c *gin.Context) {
 
 	// 保存用户消息：有附件时一并保存附件名与路径，刷新后显示、继续对话时大模型也能从历史中拿到路径
 	userContent := userMessageContentForStorage(req.Message, req.Attachments, savedPaths)
-	_, err = h.db.AddMessage(conversationID, "user", userContent, nil)
+	userMsgRow, err := h.db.AddMessage(conversationID, "user", userContent, nil)
 	if err != nil {
 		h.logger.Error("保存用户消息失败", zap.Error(err))
 	}
@@ -1275,6 +1275,14 @@ func (h *AgentHandler) AgentLoopStream(c *gin.Context) {
 		assistantMessageID = assistantMsg.ID
 	}
 
+	// 尽早下发消息 ID，便于前端在流式结束前挂上「删除本轮」等（无需等整段结束再刷新）
+	if userMsgRow != nil {
+		sendEvent("message_saved", "", map[string]interface{}{
+			"conversationId": conversationID,
+			"userMessageId":  userMsgRow.ID,
+		})
+	}
+
 	// 创建进度回调函数，复用统一逻辑
 	progressCallback := h.createProgressCallback(conversationID, assistantMessageID, sendEvent)
 

internal/handler/chat_uploads.go

@@ -93,22 +93,27 @@ func (h *ChatUploadsHandler) List(c *gin.Context) {
 		return
 	}
 	var files []ChatUploadFileItem
+	var folders []string
 	err = filepath.WalkDir(root, func(path string, d os.DirEntry, walkErr error) error {
 		if walkErr != nil {
 			return walkErr
 		}
+		rel, err := filepath.Rel(root, path)
+		if err != nil {
+			return err
+		}
+		if rel == "." {
+			return nil
+		}
+		relSlash := filepath.ToSlash(rel)
 		if d.IsDir() {
+			folders = append(folders, relSlash)
 			return nil
 		}
 		info, err := d.Info()
 		if err != nil {
 			return err
 		}
-		rel, err := filepath.Rel(root, path)
-		if err != nil {
-			return err
-		}
-		relSlash := filepath.ToSlash(rel)
 		parts := strings.Split(relSlash, "/")
 		var dateStr, convID string
 		if len(parts) >= 2 {
@@ -142,10 +147,31 @@ func (h *ChatUploadsHandler) List(c *gin.Context) {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
+	if conversationFilter != "" {
+		filteredFolders := make([]string, 0, len(folders))
+		for _, rel := range folders {
+			parts := strings.Split(rel, "/")
+			if len(parts) >= 2 && parts[1] == conversationFilter {
+				filteredFolders = append(filteredFolders, rel)
+				continue
+			}
+			if len(parts) == 1 {
+				prefix := rel + "/"
+				for _, f := range files {
+					if strings.HasPrefix(f.RelativePath, prefix) {
+						filteredFolders = append(filteredFolders, rel)
+						break
+					}
+				}
+			}
+		}
+		folders = filteredFolders
+	}
+	sort.Strings(folders)
 	sort.Slice(files, func(i, j int) bool {
 		return files[i].ModifiedUnix > files[j].ModifiedUnix
 	})
-	c.JSON(http.StatusOK, gin.H{"files": files})
+	c.JSON(http.StatusOK, gin.H{"files": files, "folders": folders})
 }
 
 // Download GET /api/chat-uploads/download?path=...

internal/handler/conversation.go

@@ -190,3 +190,44 @@ func (h *ConversationHandler) DeleteConversation(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"message": "删除成功"})
 }
 
+// DeleteTurnRequest 删除一轮对话（POST /api/conversations/:id/delete-turn）
+type DeleteTurnRequest struct {
+	MessageID string `json:"messageId"`
+}
+
+// DeleteConversationTurn 删除锚点消息所在轮次（从该轮 user 到下一轮 user 之前），并清空 last_react_*。
+func (h *ConversationHandler) DeleteConversationTurn(c *gin.Context) {
+	conversationID := c.Param("id")
+	if conversationID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "conversation id required"})
+		return
+	}
+
+	var req DeleteTurnRequest
+	if err := c.ShouldBindJSON(&req); err != nil || req.MessageID == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "messageId required"})
+		return
+	}
+
+	if _, err := h.db.GetConversation(conversationID); err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"error": "对话不存在"})
+		return
+	}
+
+	deletedIDs, err := h.db.DeleteConversationTurn(conversationID, req.MessageID)
+	if err != nil {
+		h.logger.Warn("删除对话轮次失败",
+			zap.String("conversationId", conversationID),
+			zap.String("messageId", req.MessageID),
+			zap.Error(err),
+		)
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"deletedMessageIds": deletedIDs,
+		"message":           "ok",
+	})
+}
+

internal/handler/multi_agent.go

@@ -103,6 +103,13 @@ func (h *AgentHandler) MultiAgentLoopStream(c *gin.Context) {
 	conversationID := prep.ConversationID
 	assistantMessageID := prep.AssistantMessageID
 
+	if prep.UserMessageID != "" {
+		sendEvent("message_saved", "", map[string]interface{}{
+			"conversationId": conversationID,
+			"userMessageId":  prep.UserMessageID,
+		})
+	}
+
 	progressCallback := h.createProgressCallback(conversationID, assistantMessageID, sendEvent)
 
 	baseCtx, cancelWithCause := context.WithCancelCause(context.Background())

internal/handler/multi_agent_prepare.go

@@ -19,6 +19,7 @@ type multiAgentPrepared struct {
 	FinalMessage       string
 	RoleTools          []string
 	AssistantMessageID string
+	UserMessageID      string
 }
 
 func (h *AgentHandler) prepareMultiAgentSession(req *ChatRequest) (*multiAgentPrepared, error) {
@@ -109,9 +110,14 @@ func (h *AgentHandler) prepareMultiAgentSession(req *ChatRequest) (*multiAgentPr
 	finalMessage = appendAttachmentsToMessage(finalMessage, req.Attachments, savedPaths)
 
 	userContent := userMessageContentForStorage(req.Message, req.Attachments, savedPaths)
-	if _, err = h.db.AddMessage(conversationID, "user", userContent, nil); err != nil {
-		h.logger.Error("保存用户消息失败", zap.Error(err))
-		return nil, fmt.Errorf("保存用户消息失败: %w", err)
+	userMsgRow, uerr := h.db.AddMessage(conversationID, "user", userContent, nil)
+	if uerr != nil {
+		h.logger.Error("保存用户消息失败", zap.Error(uerr))
+		return nil, fmt.Errorf("保存用户消息失败: %w", uerr)
+	}
+	userMessageID := ""
+	if userMsgRow != nil {
+		userMessageID = userMsgRow.ID
 	}
 
 	assistantMsg, aerr := h.db.AddMessage(conversationID, "assistant", "处理中...", nil)
@@ -129,5 +135,6 @@ func (h *AgentHandler) prepareMultiAgentSession(req *ChatRequest) (*multiAgentPr
 		FinalMessage:       finalMessage,
 		RoleTools:          roleTools,
 		AssistantMessageID: assistantMessageID,
+		UserMessageID:      userMessageID,
 	}, nil
 }

web/static/css/style.css

@@ -1573,6 +1573,81 @@ header {
     letter-spacing: 0.01em;
 }
 
+/* 时间戳 + 删除本轮（与气泡分离，和「展开详情」同一视觉层级） */
+.message-meta-footer {
+    display: flex;
+    flex-direction: row;
+    align-items: center; /* 与时间戳、删除钮统一垂直居中 */
+    gap: 8px;
+    margin-top: 6px;
+    flex-wrap: wrap;
+    width: 100%;
+    min-height: 28px;
+}
+
+.message.user .message-meta-footer {
+    justify-content: flex-end;
+}
+
+.message.assistant .message-meta-footer {
+    justify-content: flex-start;
+}
+
+.message-delete-turn-btn {
+    position: static;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 28px;
+    height: 28px;
+    padding: 0;
+    border: 1px solid transparent;
+    border-radius: 6px;
+    background: transparent;
+    color: var(--text-secondary, #888);
+    cursor: pointer;
+    opacity: 0.5;
+    flex-shrink: 0;
+    transition: opacity 0.2s ease, color 0.2s ease, background 0.2s ease, border-color 0.2s ease;
+}
+
+.message:hover .message-meta-footer .message-delete-turn-btn {
+    opacity: 0.85;
+}
+
+.message-delete-turn-btn:hover {
+    color: #c62828;
+    background: rgba(198, 40, 40, 0.07);
+    border-color: rgba(198, 40, 40, 0.15);
+    opacity: 1;
+}
+
+.message-delete-turn-btn:focus-visible {
+    opacity: 1;
+    outline: 2px solid var(--accent-color, #0066ff);
+    outline-offset: 1px;
+}
+
+/* 与删除钮同一行时：去掉时间戳默认 margin-top，避免文字偏低、图标显「高」 */
+.message-meta-footer .message-time {
+    margin-top: 0;
+    display: inline-flex;
+    align-items: center;
+    min-height: 28px;
+    line-height: 1.3;
+}
+
+.message-delete-turn-btn svg {
+    display: block;
+    flex-shrink: 0;
+}
+
+@media (hover: none) {
+    .message-delete-turn-btn {
+        opacity: 0.65;
+    }
+}
+
 /* 用户消息中的表格样式 */
 .message.user .message-bubble .table-wrapper {
     scrollbar-color: rgba(255, 255, 255, 0.3) transparent;

web/static/i18n/en-US.json

@@ -138,6 +138,9 @@
     "expandDetail": "Expand details",
     "noProcessDetail": "No process details (execution may be too fast or no detailed events)",
     "copyMessageTitle": "Copy message",
+    "deleteTurnTitle": "Delete this turn",
+    "deleteTurnConfirm": "Delete this entire turn (user message and assistant reply)? This cannot be undone. The next reply will use only the remaining messages; saved context snapshots will be cleared.",
+    "deleteTurnFailed": "Failed to delete turn",
     "emptyGroupConversations": "This group has no conversations yet.",
     "noMatchingConversationsInGroup": "No matching conversations found.",
     "noHistoryConversations": "No conversation history yet",
@@ -1107,6 +1110,7 @@
     "folderPathCopied": "Folder path copied — paste into chat if needed",
     "folderEmpty": "This folder is empty",
     "confirmDeleteFolder": "Delete this folder and everything inside it? This cannot be undone.",
+    "folderRemovedStale": "That folder is not on the server anymore; list refreshed.",
     "deleteFolderTitle": "Delete folder",
     "uploadToFolderTitle": "Upload file into this folder",
     "newFolderButton": "New folder",

web/static/i18n/zh-CN.json

@@ -138,6 +138,9 @@
     "expandDetail": "展开详情",
     "noProcessDetail": "暂无过程详情（可能执行过快或未触发详细事件）",
     "copyMessageTitle": "复制消息内容",
+    "deleteTurnTitle": "删除本轮对话",
+    "deleteTurnConfirm": "确定删除本轮对话？将同时删除该轮用户消息与助手回复，且无法恢复；下次模型回复将仅基于剩余消息（已保存的上下文快照会清空并按剩余内容重建）。",
+    "deleteTurnFailed": "删除本轮失败",
     "emptyGroupConversations": "该分组暂无对话",
     "noMatchingConversationsInGroup": "未找到匹配的对话",
     "noHistoryConversations": "暂无历史对话",
@@ -1107,6 +1110,7 @@
     "folderPathCopied": "目录路径已复制，可粘贴到对话中",
     "folderEmpty": "此文件夹为空",
     "confirmDeleteFolder": "确定删除该文件夹及其中的全部文件？此操作不可恢复。",
+    "folderRemovedStale": "服务器上已无该目录，列表已刷新。",
     "deleteFolderTitle": "删除文件夹",
     "uploadToFolderTitle": "上传文件到此文件夹",
     "newFolderButton": "新建文件夹",

web/static/js/chat-files.js

@@ -1,6 +1,8 @@
 // 对话附件（chat_uploads）文件管理
 
 let chatFilesCache = [];
+/** 后端 GET /api/chat-uploads 返回的目录相对路径（含空文件夹），与 files 合并成树 */
+let chatFilesFoldersCache = [];
 let chatFilesDisplayed = [];
 let chatFilesEditRelativePath = '';
 let chatFilesRenameRelativePath = '';
@@ -15,98 +17,6 @@ let chatFilesPendingUploadDir = '';
 /** 文件管理页面向服务器上传进行中，避免重复选择并禁用顶栏按钮 */
 let chatFilesXHRUploadBusy = false;
 
-/** 仅前端记录的「空目录」键 parentPath（'' 表示 chat_uploads 根）-> 子目录名列表，与树合并以便 mkdir 后可见 */
-const CHAT_FILES_SYNTHETIC_DIRS_KEY = 'csai_chat_files_synthetic_dirs';
-let chatFilesSyntheticEmptyDirs = {};
-
-function chatFilesLoadSyntheticDirsFromStorage() {
-    try {
-        const raw = localStorage.getItem(CHAT_FILES_SYNTHETIC_DIRS_KEY);
-        if (!raw) return;
-        const o = JSON.parse(raw);
-        if (o && typeof o === 'object') {
-            chatFilesSyntheticEmptyDirs = o;
-        }
-    } catch (e) {
-        chatFilesSyntheticEmptyDirs = {};
-    }
-}
-
-function chatFilesRegisterSyntheticEmptyDir(parentSegments, name) {
-    const p = parentSegments.join('/');
-    if (!chatFilesSyntheticEmptyDirs[p]) {
-        chatFilesSyntheticEmptyDirs[p] = [];
-    }
-    const arr = chatFilesSyntheticEmptyDirs[p];
-    if (arr.indexOf(name) === -1) {
-        arr.push(name);
-    }
-    try {
-        localStorage.setItem(CHAT_FILES_SYNTHETIC_DIRS_KEY, JSON.stringify(chatFilesSyntheticEmptyDirs));
-    } catch (e) {
-        /* ignore */
-    }
-}
-
-function chatFilesRemoveSyntheticDirSubtree(relPathUnderRoot) {
-    const rel = String(relPathUnderRoot || '').replace(/\\/g, '/').replace(/^\/+/, '').replace(/\/+$/, '');
-    if (!rel) return;
-    const parts = rel.split('/').filter(function (x) {
-        return x.length > 0;
-    });
-    if (parts.length === 0) return;
-    const leaf = parts[parts.length - 1];
-    const parentKey = parts.slice(0, -1).join('/');
-    const arr = chatFilesSyntheticEmptyDirs[parentKey];
-    if (arr) {
-        const ix = arr.indexOf(leaf);
-        if (ix >= 0) arr.splice(ix, 1);
-        if (arr.length === 0) delete chatFilesSyntheticEmptyDirs[parentKey];
-    }
-    const prefix = rel + '/';
-    let k;
-    for (k in chatFilesSyntheticEmptyDirs) {
-        if (!Object.prototype.hasOwnProperty.call(chatFilesSyntheticEmptyDirs, k)) continue;
-        if (k === rel || k.indexOf(prefix) === 0) {
-            delete chatFilesSyntheticEmptyDirs[k];
-        }
-    }
-    try {
-        localStorage.setItem(CHAT_FILES_SYNTHETIC_DIRS_KEY, JSON.stringify(chatFilesSyntheticEmptyDirs));
-    } catch (e) {
-        /* ignore */
-    }
-}
-
-function chatFilesMergeSyntheticDirsIntoTree(root) {
-    function ensurePath(node, segments) {
-        let n = node;
-        let i;
-        for (i = 0; i < segments.length; i++) {
-            const s = segments[i];
-            if (!n.dirs[s]) n.dirs[s] = chatFilesTreeMakeNode();
-            n = n.dirs[s];
-        }
-        return n;
-    }
-    let k;
-    for (k in chatFilesSyntheticEmptyDirs) {
-        if (!Object.prototype.hasOwnProperty.call(chatFilesSyntheticEmptyDirs, k)) continue;
-        const names = chatFilesSyntheticEmptyDirs[k];
-        if (!Array.isArray(names)) continue;
-        const segs = k ? k.split('/').filter(function (x) {
-            return x.length > 0;
-        }) : [];
-        const node = ensurePath(root, segs);
-        let ni;
-        for (ni = 0; ni < names.length; ni++) {
-            const nm = names[ni];
-            if (!nm || typeof nm !== 'string') continue;
-            if (!node.dirs[nm]) node.dirs[nm] = chatFilesTreeMakeNode();
-        }
-    }
-}
-
 function chatFilesLoadBrowsePathFromStorage() {
     try {
         const raw = localStorage.getItem(CHAT_FILES_BROWSE_PATH_KEY);
@@ -157,7 +67,11 @@ function chatFilesNormalizeBrowsePathForTree(root) {
 
 function initChatFilesPage() {
     chatFilesLoadBrowsePathFromStorage();
-    chatFilesLoadSyntheticDirsFromStorage();
+    try {
+        localStorage.removeItem('csai_chat_files_synthetic_dirs');
+    } catch (e) {
+        /* ignore */
+    }
     ensureChatFilesDocClickClose();
     const sel = document.getElementById('chat-files-group-by');
     if (sel) {
@@ -280,6 +194,7 @@ async function loadChatFilesPage() {
         }
         const data = await res.json();
         chatFilesCache = Array.isArray(data.files) ? data.files : [];
+        chatFilesFoldersCache = Array.isArray(data.folders) ? data.folders : [];
         renderChatFilesTable();
     } catch (e) {
         console.error(e);
@@ -303,7 +218,7 @@ function chatFilesNameFilter(files) {
 
 /** 仅前端按文件名筛选，不重新请求 */
 function chatFilesFilterNameOnInput() {
-    if (!chatFilesCache.length && chatFilesGetGroupByMode() !== 'folder') return;
+    if (!chatFilesCache.length && !chatFilesFoldersCache.length && chatFilesGetGroupByMode() !== 'folder') return;
     renderChatFilesTable();
 }
 
@@ -463,9 +378,34 @@ function chatFilesBuildTree(files) {
     return root;
 }
 
+/** 将后端返回的目录相对路径（如 a/b/c）并入树，便于展示空文件夹 */
+function chatFilesTreeInsertFolderPath(root, relSlash) {
+    const rp = String(relSlash || '').replace(/\\/g, '/').replace(/^\/+/, '');
+    if (!rp) return;
+    const parts = rp.split('/').filter(function (p) {
+        return p.length > 0;
+    });
+    if (!parts.length) return;
+    let node = root;
+    let i;
+    for (i = 0; i < parts.length; i++) {
+        const seg = parts[i];
+        if (!node.dirs[seg]) node.dirs[seg] = chatFilesTreeMakeNode();
+        node = node.dirs[seg];
+    }
+}
+
+function chatFilesMergeFoldersIntoTree(root, folderPaths) {
+    if (!Array.isArray(folderPaths)) return;
+    let i;
+    for (i = 0; i < folderPaths.length; i++) {
+        chatFilesTreeInsertFolderPath(root, folderPaths[i]);
+    }
+}
+
 function chatFilesTreeRootMerged() {
     const root = chatFilesBuildTree(chatFilesDisplayed);
-    chatFilesMergeSyntheticDirsIntoTree(root);
+    chatFilesMergeFoldersIntoTree(root, chatFilesFoldersCache);
     return root;
 }
 
@@ -907,9 +847,30 @@ async function deleteChatFolderFromBrowse(folderName) {
             body: JSON.stringify({ path: rel })
         });
         if (!res.ok) {
-            throw new Error(await res.text());
+            const raw = await res.text();
+            if (res.status === 404) {
+                let errMsg = raw;
+                try {
+                    const j = JSON.parse(raw);
+                    if (j && j.error) errMsg = j.error;
+                } catch (eParse) {
+                    /* keep raw */
+                }
+                if (/not\s*found/i.test(String(errMsg))) {
+                    loadChatFilesPage();
+                    const cleared = (typeof window.t === 'function')
+                        ? window.t('chatFilesPage.folderRemovedStale')
+                        : '服务器上不存在该目录，列表已刷新。';
+                    if (typeof chatFilesShowToast === 'function') {
+                        chatFilesShowToast(cleared);
+                    } else {
+                        alert(cleared);
+                    }
+                    return;
+                }
+            }
+            throw new Error(raw || String(res.status));
         }
-        chatFilesRemoveSyntheticDirSubtree(rel);
         loadChatFilesPage();
     } catch (e) {
         alert((e && e.message) ? e.message : String(e));
@@ -1188,7 +1149,6 @@ async function submitChatFilesMkdir() {
             }
             throw new Error(errText || String(res.status));
         }
-        chatFilesRegisterSyntheticEmptyDir(chatFilesBrowsePath.slice(), name);
         closeChatFilesMkdirModal();
         loadChatFilesPage();
         const okMsg = (typeof window.t === 'function')

web/static/js/chat.js

@@ -2452,6 +2452,7 @@ async function loadConversation(conversationId) {
                 const messageEl = document.getElementById(messageId);
                 if (messageEl && msg && msg.id) {
                     messageEl.dataset.backendMessageId = String(msg.id);
+                    attachDeleteTurnButton(messageEl);
                 }
                 // 对于助手消息，总是渲染过程详情（即使没有processDetails也要显示展开详情按钮）
                 if (msg.role === 'assistant') {
@@ -2491,6 +2492,67 @@ async function loadConversation(conversationId) {
     }
 }
 
+/** 「删除本轮」：与时间戳同一行（message-meta-footer），风格与复制按钮区区分 */
+function attachDeleteTurnButton(messageEl) {
+    if (!messageEl || !messageEl.dataset.backendMessageId) return;
+    if (messageEl.querySelector('.message-delete-turn-btn')) return;
+    const content = messageEl.querySelector('.message-content');
+    if (!content) return;
+    const btn = document.createElement('button');
+    btn.type = 'button';
+    btn.className = 'message-delete-turn-btn';
+    const title = typeof window.t === 'function' ? window.t('chat.deleteTurnTitle') : '删除本轮对话';
+    btn.title = title;
+    btn.setAttribute('aria-label', title);
+    btn.innerHTML = '<svg width="14" height="14" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><path d="M3 6h18M8 6V4a2 2 0 012-2h4a2 2 0 012 2v2m3 0v14a2 2 0 01-2 2H7a2 2 0 01-2-2V6h14zM10 11v6M14 11v6" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/></svg>';
+    btn.onclick = function (e) {
+        e.stopPropagation();
+        e.preventDefault();
+        deleteConversationTurnFromUI(messageEl.dataset.backendMessageId);
+    };
+    const timeDiv = content.querySelector('.message-time');
+    let footer = content.querySelector('.message-meta-footer');
+    if (!footer && timeDiv && timeDiv.parentNode === content) {
+        footer = document.createElement('div');
+        footer.className = 'message-meta-footer';
+        timeDiv.parentNode.insertBefore(footer, timeDiv);
+        footer.appendChild(timeDiv);
+    }
+    if (footer) {
+        footer.appendChild(btn);
+    } else {
+        content.appendChild(btn);
+    }
+}
+
+/** 删除锚点所在整轮（后端：该轮 user 至下一轮 user 之前），并清空 ReAct 快照 */
+async function deleteConversationTurnFromUI(anchorBackendMessageId) {
+    if (!currentConversationId || !anchorBackendMessageId) return;
+    const confirmMsg = typeof window.t === 'function' ? window.t('chat.deleteTurnConfirm') : '确定删除本轮对话？';
+    if (!confirm(confirmMsg)) return;
+    try {
+        const response = await apiFetch(`/api/conversations/${currentConversationId}/delete-turn`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ messageId: anchorBackendMessageId })
+        });
+        let data = {};
+        try {
+            data = await response.json();
+        } catch (e) { /* ignore */ }
+        if (!response.ok) {
+            throw new Error(data.error || data.message || 'delete failed');
+        }
+        await loadConversation(currentConversationId);
+        if (typeof loadConversations === 'function') loadConversations();
+        if (typeof loadConversationsWithGroups === 'function') loadConversationsWithGroups();
+    } catch (error) {
+        console.error('delete turn failed:', error);
+        const failed = typeof window.t === 'function' ? window.t('chat.deleteTurnFailed') : '删除本轮失败';
+        alert(failed + ': ' + (error && error.message ? error.message : error));
+    }
+}
+
 // 删除对话
 async function deleteConversation(conversationId, skipConfirm = false) {
     // 确认删除（如果调用者没有跳过确认）

web/static/js/monitor.js

@@ -700,10 +700,45 @@ function convertProgressToDetails(progressId, assistantMessageId) {
     scrollChatMessagesToBottomIfPinned(insertWasPinned);
 }
 
+/** 将后端消息 UUID 绑定到助手气泡，供删除本轮 / 过程详情懒加载（domId 为前端 msg-*） */
+function applyBackendMessageIdToAssistantDom(domAssistantId, backendMessageId) {
+    if (!domAssistantId || !backendMessageId) return;
+    const el = document.getElementById(domAssistantId);
+    if (!el) return;
+    el.dataset.backendMessageId = String(backendMessageId);
+    if (typeof attachDeleteTurnButton === 'function') {
+        attachDeleteTurnButton(el);
+    }
+}
+
+/** 将后端用户消息 ID 绑定到最后一条尚未绑定 backendMessageId 的用户气泡 */
+function applyBackendMessageIdToLastUser(backendMessageId) {
+    if (!backendMessageId) return;
+    const users = document.querySelectorAll('#chat-messages .message.user');
+    if (!users.length) return;
+    const lastUser = users[users.length - 1];
+    if (lastUser.dataset.backendMessageId) return;
+    lastUser.dataset.backendMessageId = String(backendMessageId);
+    if (typeof attachDeleteTurnButton === 'function') {
+        attachDeleteTurnButton(lastUser);
+    }
+}
+
 // 处理流式事件
 function handleStreamEvent(event, progressElement, progressId, 
                           getAssistantId, setAssistantId, getMcpIds, setMcpIds) {
     const streamScrollWasPinned = isChatMessagesPinnedToBottom();
+
+    // 不依赖进度时间线；在首条 SSE 即可绑定用户消息 ID
+    if (event.type === 'message_saved') {
+        const d = event.data || {};
+        if (d.userMessageId) {
+            applyBackendMessageIdToLastUser(d.userMessageId);
+        }
+        scrollChatMessagesToBottomIfPinned(streamScrollWasPinned);
+        return;
+    }
+
     const timeline = document.getElementById(progressId + '-timeline');
     if (!timeline) return;
 
@@ -1173,6 +1208,9 @@ function handleStreamEvent(event, progressElement, progressId,
             {
                 const preferredMessageId = event.data && event.data.messageId ? event.data.messageId : null;
                 const { assistantId, assistantElement } = upsertTerminalAssistantMessage(event.message, preferredMessageId);
+                if (assistantId && preferredMessageId) {
+                    applyBackendMessageIdToAssistantDom(assistantId, preferredMessageId);
+                }
                 if (assistantElement) {
                     const detailsId = 'process-details-' + assistantId;
                     if (!document.getElementById(detailsId)) {
@@ -1306,6 +1344,11 @@ function handleStreamEvent(event, progressElement, progressId,
             integrateProgressToMCPSection(progressId, assistantIdFinal, mcpIds);
             responseStreamStateByProgressId.delete(progressId);
 
+            const respMid = responseData.messageId;
+            if (respMid) {
+                applyBackendMessageIdToAssistantDom(assistantIdFinal, respMid);
+            }
+
             setTimeout(() => {
                 collapseAllProgressDetails(assistantIdFinal, progressId);
             }, 3000);
@@ -1344,6 +1387,9 @@ function handleStreamEvent(event, progressElement, progressId,
             {
                 const preferredMessageId = event.data && event.data.messageId ? event.data.messageId : null;
                 const { assistantId, assistantElement } = upsertTerminalAssistantMessage(event.message, preferredMessageId);
+                if (assistantId && preferredMessageId) {
+                    applyBackendMessageIdToAssistantDom(assistantId, preferredMessageId);
+                }
                 if (assistantElement) {
                     const detailsId = 'process-details-' + assistantId;
                     if (!document.getElementById(detailsId)) {