Update config.yaml

Add files via upload
2026-06-11 00:27:53 +02:00 · 2026-06-11 02:03:03 +08:00 · 2026-06-11 01:48:42 +08:00 · 2026-06-11 01:43:35 +08:00 · 2026-06-11 01:41:57 +08:00 · 2026-06-11 01:40:00 +08:00
60 changed files with 4418 additions and 3297 deletions
@@ -29,7 +29,6 @@ If CyberStrikeAI helps you, you can support the project via **WeChat Pay** or **

 CyberStrikeAI is an **AI-native security testing platform** built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, comprehensive lifecycle management capabilities, and a **built-in lightweight C2 (Command & Control) framework** for **authorized** engagements (listeners, encrypted implants, sessions, tasks, real-time events, REST and MCP). Through native MCP protocol and AI agents, it enables end-to-end automation from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization—delivering an auditable, traceable, and collaborative testing environment for security teams.

-
 ## Interface & Integration Preview

 <div align="center">
@@ -117,9 +116,9 @@ CyberStrikeAI is an **AI-native security testing platform** built in Go. It inte
 - 🛡️ Vulnerability management with CRUD operations, severity tracking, status workflow, and statistics
 - 📋 Batch task management: create task queues, add multiple tasks, and execute them sequentially
 - 🎭 Role-based testing: predefined security testing roles (Penetration Testing, CTF, Web App Scanning, etc.) with custom prompts and tool restrictions
- 🧩 **Agent orchestration (CloudWeGo Eino)**: **single-agent** via **`/api/eino-agent/stream`** (Eino ADK `ChatModelAgent`); **multi-agent** via **`/api/multi-agent/stream`** with **`deep`** (coordinator + `task` sub-agents), **`plan_execute`**, or **`supervisor`** (`orchestration` in the request body). Markdown under `agents/`: `orchestrator.md`, `orchestrator-plan-execute.md`, `orchestrator-supervisor.md`, plus sub-agent `*.md` (see [Multi-agent doc](docs/MULTI_AGENT_EINO.md))
+- 🧩 **Agent orchestration (CloudWeGo Eino)**: **single-agent** via **`/api/eino-agent/stream`** (Eino ADK `ChatModelAgent`); **multi-agent** via **`/api/multi-agent/stream`** with **`deep`** (coordinator + `task` sub-agents), **`plan_execute`**, or **`supervisor`** (`orchestration` in the request body). ADK **summarization** compresses long contexts; pre-compaction **transcripts** land at `data/conversation_artifacts/<conversation-id>/summarization/transcript.txt` (full user/assistant/tool turns; static system omitted). Markdown under `agents/`: `orchestrator.md`, `orchestrator-plan-execute.md`, `orchestrator-supervisor.md`, plus sub-agent `*.md` (see [Multi-agent doc](docs/MULTI_AGENT_EINO.md))
 - 🖼️ **Vision analysis (`analyze_image`)**: separate VL model (e.g. `qwen-vl-max`) via MCP for local screenshots, captchas, and UI; image bytes stay out of agent history (text summaries only). Configure `vision` in `config.yaml`; see [docs/VISION.md](docs/VISION.md)
- 🎯 **Skills (refactored for Eino)**: packs under `skills_dir` follow **Agent Skills** layout (`SKILL.md` + optional files); **multi-agent** sessions use the official Eino ADK **`skill`** tool for **progressive disclosure** (load by name), with optional **host filesystem / shell** via `multi_agent.eino_skills`; optional **`eino_middleware`** adds patchtoolcalls, tool_search, plantask, reduction, checkpoints, and Deep tuning—20+ sample domains (SQLi, XSS, API security, …) ship under `skills/`
+- 🎯 **Skills (refactored for Eino)**: packs under `skills_dir` follow **Agent Skills** layout (`SKILL.md` + optional files); **multi-agent** sessions use the official Eino ADK **`skill`** tool for **progressive disclosure** (load by name), with optional **host filesystem / shell** via `multi_agent.eino_skills`; optional **`eino_middleware`** adds patchtoolcalls, tool_search, **plantask** (`TaskCreate` / `TaskList` boards under `skills_dir/.eino/plantask/`), reduction, file **checkpoints** (`checkpoint_dir`), ChatModel **retries**, session **output key**, and Deep tuning—20+ sample domains (SQLi, XSS, API security, …) ship under `skills/`
 - 📱 **Chatbot**: DingTalk and Lark (Feishu) long-lived connections so you can talk to CyberStrikeAI from mobile (see [Robot / Chatbot guide](docs/robot_en.md) for setup and commands)
 - 🧑‍⚖️ **Human-in-the-loop (HITL)**: Chat sidebar to set approval mode and tool allowlists (listed tools skip approval); global list in `config.yaml` under `hitl.tool_whitelist`; **Apply** can merge new tools into the file and update the running server without restart; dedicated **HITL** page for pending approvals
 - 🐚 **WebShell management**: Add and manage WebShell connections (e.g. IceSword/AntSword compatible), use a virtual terminal for command execution, a built-in file manager for file operations, and an AI assistant tab that orchestrates tests and keeps per-connection conversation history; supports PHP, ASP, ASPX, JSP and custom shell types with configurable request method and command parameter.
@@ -190,13 +189,14 @@ The `run.sh` script will automatically:
     ```
   - Or edit `config.yaml` directly before launching
 2. **Login** - Use the auto-generated password shown in the console (or set `auth.password` in `config.yaml`)
-3. **Install security tools (optional)** - Install tools as needed:
+3. **Install security tools (optional)** - Install all tools declared under `tools/`:
   ```bash
-   # macOS
-   brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass
-   # Ubuntu/Debian
-   sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster
+   ./install-tools.sh              # install missing tools (best on Kali/Debian/Ubuntu)
+   ./install-tools.sh --check      # check only, no install
+   ./install-tools.sh --list       # show per-tool status
+   ./install-tools.sh --only nmap,gau   # install selected tools only
   ```
+   On macOS, install bash 4+ via Homebrew first; without apt, the script falls back to pip/go/GitHub.
   AI automatically falls back to alternatives when a tool is missing.

 **Alternative Launch Methods:**
@@ -260,7 +260,7 @@ Requirements / tips:
 - **Predefined roles** – System includes 12+ predefined security testing roles (Penetration Testing, CTF, Web App Scanning, API Security Testing, Binary Analysis, Cloud Security Audit, etc.) in the `roles/` directory.
 - **Custom prompts** – Each role can define a `user_prompt` that prepends to user messages, guiding the AI to adopt specialized testing methodologies and focus areas.
 - **Tool restrictions** – Roles can specify a `tools` list to limit available tools, ensuring focused testing workflows (e.g., CTF role restricts to CTF-specific utilities).
- **Skills** – Skill packs live under `skills_dir` and load via the Eino ADK **`skill`** tool (**progressive disclosure**) in both **single- and multi-agent** sessions when **`multi_agent.eino_skills`** is enabled. Optional host **read_file / glob / grep / write / edit / execute** and **`eino_middleware`** (tool_search, reduction, checkpoints, etc.) apply per mode—see docs.
+- **Skills** – Skill packs live under `skills_dir` and load via the Eino ADK **`skill`** tool (**progressive disclosure**) in both **single- and multi-agent** sessions when **`multi_agent.eino_skills`** is enabled. Optional host **read_file / glob / grep / write / edit / execute** and **`eino_middleware`** (tool_search, plantask, reduction, checkpoints, summarization transcripts, etc.) apply per mode—see docs.
 - **Easy role creation** – Create custom roles by adding YAML files to the `roles/` directory. Each role defines `name`, `description`, `user_prompt`, `icon`, `tools`, and `enabled` fields.
 - **Web UI integration** – Select roles from a dropdown in the chat interface. Role selection affects both AI behavior and available tool suggestions.

@@ -288,6 +288,7 @@ Requirements / tips:
  - **Sub-agents** (for **deep** / **supervisor**): other `*.md` files (YAML front matter + body). Not used as **`task`** targets if marked orchestrator-only.
 - **Management** – Web UI: **Agents → Agent management**; API `/api/multi-agent/markdown-agents`.
 - **Config** – `multi_agent` in `config.yaml`: `enabled`, `robot_default_agent_mode`, `batch_use_multi_agent`, `max_iteration`, `plan_execute_loop_max_iterations`, per-mode orchestrator instruction fields, optional YAML `sub_agents` merged with disk (`id` clash → Markdown wins), **`eino_skills`**, **`eino_middleware`** (optional ADK middleware and Deep/Supervisor tuning).
+- **Resilience & long runs** – `checkpoint_dir` enables ADK **resume** after process crashes (distinct from trace-based “interrupt & continue”). `deep_model_retry_max_retries` retries transient LLM API failures within a single call. **Summarization** writes a filtered **transcript** when compression fires; the summary message includes the path so the model can `read_file` for scan output and other pre-compaction details.
 - **Details** – **[docs/MULTI_AGENT_EINO.md](docs/MULTI_AGENT_EINO.md)** (streaming, robots, batch, middleware caveats).

 ### Skills System (Agent Skills + Eino)
@@ -295,7 +296,7 @@ Requirements / tips:
 - **Runtime refactor** – **`skills_dir`** is the single root for packs. **Multi-agent** loads them through Eino’s official **`skill`** middleware (**progressive disclosure**: model calls `skill` with a pack **name** instead of receiving full SKILL text up front). Configure via **`multi_agent.eino_skills`**: `disable`, `filesystem_tools` (host read/glob/grep/write/edit/execute), `skill_tool_name`.
 - **Eino / RAG** – Packages are also split into `schema.Document` chunks for `FilesystemSkillsRetriever` (`skills.AsEinoRetriever()`) in **compose** graphs (e.g. knowledge/indexing pipelines).
 - **HTTP API** – `/api/skills` listing and `depth` (`summary` | `full`), `section`, and `resource_path` remain for the web UI and ops; **model-side** skill loading in multi-agent uses the **`skill`** tool, not MCP.
- **Optional `eino_middleware`** – e.g. `tool_search` (dynamic MCP tool list), `patch_tool_calls`, `plantask` (structured tasks; persistence defaults under a subdirectory of `skills_dir`), `reduction`, `checkpoint_dir`, Deep output key / model retries / task-tool description prefix—see `config.yaml` and `internal/config/config.go`.
+- **Optional `eino_middleware`** – e.g. `tool_search` (dynamic MCP tool list), `patch_tool_calls`, **`plantask`** (Eino `TaskCreate` / `TaskGet` / `TaskUpdate` / `TaskList`; JSON under `skills_dir/.eino/plantask/<conversation-id>/`; Eino clears task files when **all** tasks are marked completed), `reduction`, **`checkpoint_dir`** (`data/eino-checkpoints/`), **`deep_model_retry_max_retries`**, **`deep_output_key`**, task-tool description prefix—see `config.yaml` and `internal/config/config.go`.
 - **Shipped demo** – `skills/cyberstrike-eino-demo/`; see `skills/README.md`.

 **Creating a skill:**
@@ -543,7 +544,7 @@ multi_agent:
  orchestrator_instruction: ""  # Deep; used when orchestrator.md body is empty
  # orchestrator_instruction_plan_execute / orchestrator_instruction_supervisor optional
  # eino_skills: { disable: false, filesystem_tools: true, skill_tool_name: skill }
-  # eino_middleware: optional patch_tool_calls, tool_search, plantask, reduction, checkpoint_dir, ...
+  # eino_middleware: plantask_enable, checkpoint_dir, deep_model_retry_max_retries, deep_output_key, ...
 ```

 ### Tool Definition Example (`tools/nmap.yaml`)
@@ -28,7 +28,6 @@

 CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集成了 100+ 安全工具、智能编排引擎、角色化测试与预设安全测试角色、Skills 技能系统与专业测试技能、完整的测试生命周期管理能力，以及面向 **授权场景** 的 **内置轻量 C2（Command & Control，指挥与控制）** 能力（监听器、加密通信、会话与任务、实时事件、REST 与 MCP 协同）。通过原生 MCP 协议与 AI 智能体，支持从对话指令到漏洞发现、攻击链分析、知识检索与结果可视化的全流程自动化，为安全团队提供可审计、可追溯、可协作的专业测试环境。

-
 ## 界面与集成预览

 <div align="center">
@@ -116,9 +115,9 @@ CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集
 - 🛡️ 漏洞管理功能：完整的漏洞 CRUD 操作，支持严重程度分级、状态流转、按对话/严重程度/状态过滤，以及统计看板
 - 📋 批量任务管理：创建任务队列，批量添加任务，依次顺序执行，支持任务编辑与状态跟踪
 - 🎭 角色化测试：预设安全测试角色（渗透测试、CTF、Web 应用扫描等），支持自定义提示词和工具限制
- 🧩 **Agent 编排（CloudWeGo Eino）**：**单代理** `POST /api/eino-agent/stream`（Eino ADK）；**多代理** `POST /api/multi-agent/stream`，`orchestration` 选 **`deep`** / **`plan_execute`** / **`supervisor`**。`agents/` 下主代理与子代理 Markdown 见 [多代理说明](docs/MULTI_AGENT_EINO.md)
+- 🧩 **Agent 编排（CloudWeGo Eino）**：**单代理** `POST /api/eino-agent/stream`（Eino ADK）；**多代理** `POST /api/multi-agent/stream`，`orchestration` 选 **`deep`** / **`plan_execute`** / **`supervisor`**。ADK **Summarization** 在上下文过长时压缩历史；压缩前将可恢复 **转录** 写入 `data/conversation_artifacts/<会话ID>/summarization/transcript.txt`（保留完整 user/assistant/tool 轮次，省略静态 system）。`agents/` 下主代理与子代理 Markdown 见 [多代理说明](docs/MULTI_AGENT_EINO.md)
 - 🖼️ **视觉分析（`analyze_image`）**：独立 Vision 模型（如 `qwen-vl-max`），MCP 工具分析本地截图/验证码/UI；图片仅在单次 VL 调用中出现，对话上下文只保留文字摘要。配置见 `config.yaml` → `vision` 与 [视觉分析说明](docs/VISION.md)
- 🎯 **Skills（面向 Eino 重构）**：技能包放在 **`skills_dir`**，遵循 **Agent Skills** 目录规范（`SKILL.md` + 可选文件）；**多代理** 下通过 Eino 官方 **`skill`** 工具 **渐进式披露**（按 name 加载）。**`multi_agent.eino_skills`** 控制是否启用、本机文件/Shell 工具、工具名覆盖；**`eino_middleware`** 可选 patch、tool_search、plantask、reduction、断点目录及 Deep 调参。20+ 领域示例仍可绑定角色
+- 🎯 **Skills（面向 Eino 重构）**：技能包放在 **`skills_dir`**，遵循 **Agent Skills** 目录规范（`SKILL.md` + 可选文件）；**多代理** 下通过 Eino 官方 **`skill`** 工具 **渐进式披露**（按 name 加载）。**`multi_agent.eino_skills`** 控制是否启用、本机文件/Shell 工具、工具名覆盖；**`eino_middleware`** 可选 patch、tool_search、**plantask**（`TaskCreate` / `TaskList` 任务板，落在 `skills_dir/.eino/plantask/`）、reduction、文件型 **checkpoint**（`checkpoint_dir`）、ChatModel **重试**、会话 **输出键** 及 Deep 调参。20+ 领域示例仍可绑定角色
 - 📱 **机器人**：支持钉钉、飞书长连接，在手机端与 CyberStrikeAI 对话（配置与命令详见 [机器人使用说明](docs/robot.md)）
 - 🧑‍⚖️ **人机协同（HITL）**：对话页侧栏配置协同模式与免审批工具白名单；全局列表在 `config.yaml` 的 `hitl.tool_whitelist`；点「应用」可将新增工具合并写入配置文件且**无需重启**即可生效；导航 **人机协同** 页处理待审批工具调用
 - 🐚 **WebShell 管理**：添加与管理 WebShell 连接（兼容冰蝎/蚁剑等），通过虚拟终端执行命令、内置文件管理进行文件操作，并提供按连接维度保存历史的 AI 助手标签页；支持 PHP/ASP/ASPX/JSP 及自定义类型，可配置请求方法与命令参数。
@@ -189,14 +188,15 @@ chmod +x run.sh && ./run.sh
     ```
   - 或启动前直接编辑 `config.yaml` 文件
 2. **登录系统** - 使用控制台显示的自动生成密码（或在 `config.yaml` 中设置 `auth.password`）
-3. **安装安全工具（可选）** - 按需安装所需工具：
+3. **安装安全工具（可选）** - 一键安装 `tools/` 目录声明的全部工具：
   ```bash
-   # macOS
-   brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass
-   # Ubuntu/Debian
-   sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster
+   ./install-tools.sh              # 安装缺失工具 (Kali/Debian/Ubuntu 推荐)
+   ./install-tools.sh --check      # 仅检查, 不安装
+   ./install-tools.sh --list       # 列出各工具安装状态
+   ./install-tools.sh --only nmap,gau   # 只装指定工具
   ```
-   未安装的工具会自动跳过或改用替代方案。
+   macOS 自带 bash 3.2, 请用 `./install-tools.sh --install-bash --list` 自动安装 bash 4+; apt 不可用时会降级到 pip/go/GitHub。
+   未安装的工具在执行时会自动跳过或改用替代方案。

 **其他启动方式：**
 ```bash
@@ -258,7 +258,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 - **预设角色**：系统内置 12+ 个预设的安全测试角色（渗透测试、CTF、Web 应用扫描、API 安全测试、二进制分析、云安全审计等），位于 `roles/` 目录。
 - **自定义提示词**：每个角色可定义 `user_prompt`，会在用户消息前自动添加，引导 AI 采用特定的测试方法和关注重点。
 - **工具限制**：角色可指定 `tools` 列表，限制可用工具，实现聚焦的测试流程（如 CTF 角色限制为 CTF 专用工具）。
- **Skills**：技能包位于 `skills_dir`；启用 **`multi_agent.eino_skills`** 后，**单代理与多代理**均可通过 Eino **`skill`** 工具按需加载。中间件与本机 read_file/glob/grep 等见文档。
+- **Skills**：技能包位于 `skills_dir`；启用 **`multi_agent.eino_skills`** 后，**单代理与多代理**均可通过 Eino **`skill`** 工具按需加载。可选 **`eino_middleware`**（tool_search、plantask、reduction、checkpoint、Summarization 转录等）与本机 read_file/glob/grep 等见文档。
 - **轻松创建角色**：通过在 `roles/` 目录添加 YAML 文件即可创建自定义角色。每个角色定义 `name`、`description`、`user_prompt`、`icon`、`tools`、`enabled` 字段。
 - **Web 界面集成**：在聊天界面通过下拉菜单选择角色。角色选择会影响 AI 行为和可用工具建议。

@@ -286,6 +286,7 @@ go build -o cyberstrike-ai cmd/server/main.go
  - **子代理**（**deep** / **supervisor**）：其余 `*.md`；标成 orchestrator 的不会进入 `task` 列表。
 - **界面管理**：**Agents → Agent 管理**；API `/api/multi-agent/markdown-agents`。
 - **配置项**：`multi_agent`：`enabled`、`robot_default_agent_mode`、`batch_use_multi_agent`、`max_iteration`、`plan_execute_loop_max_iterations`、各模式 orchestrator 指令字段、可选 YAML `sub_agents` 与目录合并（同 `id` → Markdown 优先）、**`eino_skills`**、**`eino_middleware`**。
+- **长任务与恢复**：`checkpoint_dir` 支持进程崩溃后 ADK **断点续跑**（与基于 trace 的「中断继续」不同）。`deep_model_retry_max_retries` 在同一次 LLM 调用内重试瞬时 API 失败。**Summarization** 触发压缩时会写入过滤后的 **transcript**，摘要消息中带路径，模型可用 `read_file` 找回扫描输出等压缩前细节。
 - **更多细节**：[docs/MULTI_AGENT_EINO.md](docs/MULTI_AGENT_EINO.md)（流式、机器人、批量、中间件差异）。

 ### Skills 技能系统（Agent Skills + Eino）
@@ -293,7 +294,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 - **运行侧重构**：**`skills_dir`** 为技能包唯一根目录；**多代理** 通过 Eino 官方 **`skill`** 中间件做 **渐进式披露**（模型按 **name** 调用 `skill`，而非一次性注入全文）。由 **`multi_agent.eino_skills`** 控制：`disable`、`filesystem_tools`（本机读写与 Shell）、`skill_tool_name`。
 - **Eino / 知识流水线**：技能包可切分为 `schema.Document`，供 `FilesystemSkillsRetriever`（`skills.AsEinoRetriever()`）在 **compose** 图（如索引/编排）中使用。
 - **HTTP 管理**：`/api/skills` 列表与 `depth=summary|full`、`section`、`resource_path` 等仍用于 Web 与运维；**模型侧** 多代理走 **`skill`** 工具，而非 MCP。
- **可选 `eino_middleware`**：如 `tool_search`（动态工具列表）、`patch_tool_calls`、`plantask`（结构化任务；默认落在 `skills_dir` 下子目录）、`reduction`、`checkpoint_dir`、Deep 输出键 / 模型重试 / task 描述前缀等，见 `config.yaml` 与 `internal/config/config.go`。
+- **可选 `eino_middleware`**：如 `tool_search`（动态工具列表）、`patch_tool_calls`、**`plantask`**（Eino `TaskCreate` / `TaskGet` / `TaskUpdate` / `TaskList`；JSON 存于 `skills_dir/.eino/plantask/<会话ID>/`；**全部**任务标为 completed 后 Eino 会清理任务文件）、`reduction`、**`checkpoint_dir`**（如 `data/eino-checkpoints/`）、**`deep_model_retry_max_retries`**、**`deep_output_key`**、task 描述前缀等，见 `config.yaml` 与 `internal/config/config.go`。
 - **自带示例**：`skills/cyberstrike-eino-demo/`；说明见 `skills/README.md`。

 **新建技能：**
@@ -541,7 +542,7 @@ multi_agent:
  orchestrator_instruction: ""  # Deep；orchestrator.md 正文为空时使用
  # orchestrator_instruction_plan_execute / orchestrator_instruction_supervisor 可选
  # eino_skills: { disable: false, filesystem_tools: true, skill_tool_name: skill }
-  # eino_middleware: 可选 patch_tool_calls、tool_search、plantask、reduction、checkpoint_dir 等
+  # eino_middleware: plantask_enable、checkpoint_dir、deep_model_retry_max_retries、deep_output_key 等
 ```

 ### 工具模版示例（`tools/nmap.yaml`）
@@ -10,7 +10,7 @@
 # ============================================

 # 前端显示的版本号（可选，不填则显示默认版本）
-version: "v1.6.32"
+version: "v1.6.35"
 # 服务器配置
 server:
  host: 0.0.0.0 # 监听地址，0.0.0.0 表示监听所有网络接口
@@ -129,8 +129,8 @@ multi_agent:
    tool_search_min_tools: 20 # 达到该数量才启用 tool_search（避免工具很少时多此一举）；与 always_visible 配合使用
    tool_search_always_visible: 12 # 始终直接暴露给模型的工具个数（顺序与角色工具列表一致）；其余工具进入动态池，需 tool_search 解锁
    tool_search_always_visible_tools: [read_file, glob, grep, analyze_image, write_file, edit_file, execute, task, transfer_to_agent, exit, write_todos, skill, tool_search, TaskCreate, TaskGet, TaskUpdate, TaskList, record_vulnerability, list_vulnerabilities, get_vulnerability, list_knowledge_risk_types, search_knowledge_base, webshell_exec, webshell_file_list, webshell_file_read, webshell_file_write, manage_webshell_list, manage_webshell_add, manage_webshell_update, manage_webshell_delete, manage_webshell_test, batch_task_list, batch_task_get, batch_task_start, batch_task_rerun, batch_task_pause, batch_task_update_metadata, batch_task_update_schedule, batch_task_schedule_enabled, batch_task_update_task, batch_task_remove_task, batch_task_delete, batch_task_create, batch_task_add_task, http-framework-test] # 后端内置常驻工具白名单（优先于 always_visible 数量策略）
-    plantask_enable: false # true：主代理（Deep / Supervisor 主）挂载 TaskCreate/Get/Update/List；需 eino_skills 可用且 skills_dir 存在，否则仅打日志并跳过
-    plantask_rel_dir: .eino/plantask # 结构化任务文件相对 skills_dir 的子目录，其下再按会话 ID 分子目录存放
+    plantask_enable: true # P0：主代理挂载 TaskCreate/Get/Update/List 结构化任务板；需 eino_skills 可用且 skills_dir 存在
+    plantask_rel_dir: .eino/plantask # 任务文件相对 skills_dir，按会话分子目录：skills/.eino/plantask/<conversationId>/
    reduction_enable: true # true：大工具输出截断/落盘以控上下文；依赖与 plantask 相同的 eino local 写盘后端，无后端时不挂载
    reduction_max_length_for_trunc: 50000 # 单条工具结果超过该字符数（bytes）时截断并落盘（由 reduction 中间件处理）
    reduction_max_tokens_for_clear: 160000 # 历史工具结果清理阈值（tokens），超阈值时在模型调用前清理旧结果
@@ -143,11 +143,11 @@ multi_agent:
    plan_execute_executed_steps_budget_ratio: 0.2 # plan_execute 中 executed_steps 预算比例
    plan_execute_max_step_result_runes: 4000 # plan_execute 每步结果最大字符数（超出截断）
    plan_execute_keep_last_steps: 8 # plan_execute 仅保留最近 N 步正文，早期步骤折叠为标题
-    checkpoint_dir: "" # 非空：为 adk.NewRunner 启用按会话子目录的文件型 CheckPointStore，便于中断恢复持久化；Resume 的 HTTP/前端流程需另行对接
-    run_retry_max_attempts: 0 # >0：429/5xx/网络抖动时 ADK 运行循环指数退避续跑次数；0=默认 10
+    checkpoint_dir: data/eino-checkpoints # P0：进程崩溃/OOM 后同会话自动 ADK Resume；正常结束会删 .ckpt；与「中断并继续」(last_react_*) 是两套机制
+    run_retry_max_attempts: 0 # 429/5xx/网络抖动时整轮 Run 指数退避续跑；0=默认 10（与 deep_model_retry 互补，建议保持默认）
    run_retry_max_backoff_sec: 0 # 单次退避上限秒数；0=默认 30
-    deep_output_key: "" # 非空：将最终助手输出写入 adk session 的键名（Deep 与 Supervisor 主代理）；空表示不写入
-    deep_model_retry_max_retries: 0 # >0：ChatModel 调用失败时的框架级最大重试次数（Deep 与 Supervisor 主）；0：不重试
+    deep_output_key: final_answer # P0：Eino session 写入最终助手结论（框架内部；Deep/Supervisor 主/eino_single）
+    deep_model_retry_max_retries: 3 # P0：单次 ChatModel API 失败时框架自动重试（超时/502 等）；子代理模型不受此项影响
    task_tool_description_prefix: "" # 非空：仅 Deep 的 task 工具使用自定义描述前缀，运行时会拼接子代理名称；空则走 Eino 默认生成逻辑
  # Eino callbacks + OpenTelemetry：框架级 span（与 Zap 对齐）；默认不向终端用户 UI 推 eino_trace_*（见 sse_trace_to_client）
  eino_callbacks:
@@ -315,6 +315,14 @@ func New(cfg *config.Config, log *logger.Logger, configPath string) (*App, error
 	skillsDir := skillpackage.SkillsRootFromConfig(cfg.SkillsDir, configPath)
 	log.Logger.Info("Skills 目录（Eino ADK skill 中间件 + Web 管理 API）", zap.String("skillsDir", skillsDir))
 	configDir := filepath.Dir(configPath)
+	plantaskRel := strings.TrimSpace(cfg.MultiAgent.EinoMiddleware.PlantaskRelDir)
+	if plantaskRel == "" {
+		plantaskRel = ".eino/plantask"
+	}
+	plantaskBase := filepath.Join(skillsDir, plantaskRel)
+	// Match eino_adk_run_loop: checkpoint_dir is used as configured (relative to process CWD when not absolute).
+	checkpointBase := strings.TrimSpace(cfg.MultiAgent.EinoMiddleware.CheckpointDir)
+	db.SetEinoConversationDirs(plantaskBase, checkpointBase)
 	agent.SetPromptBaseDir(configDir)

 	agentsDir := cfg.AgentsDir
@@ -1075,6 +1083,7 @@ func setupRoutes(
 		protected.DELETE("/vulnerabilities/:id", vulnerabilityHandler.DeleteVulnerability)

 		// 项目管理与事实黑板
+		protected.GET("/projects/dashboard-summary", projectHandler.GetDashboardSummary)
 		protected.GET("/projects", projectHandler.ListProjects)
 		protected.POST("/projects", projectHandler.CreateProject)
 		protected.GET("/projects/:id/stats", projectHandler.GetProjectStats)
@@ -1083,8 +1092,6 @@ func setupRoutes(
 		protected.PUT("/projects/:id", projectHandler.UpdateProject)
 		protected.DELETE("/projects/:id", projectHandler.DeleteProject)
 		protected.GET("/projects/:id/facts", projectHandler.ListFacts)
-		protected.GET("/projects/:id/facts/:factId/previous-version", projectHandler.GetFactPreviousVersion)
-		protected.GET("/projects/:id/facts/:factId/versions", projectHandler.ListFactVersions)
 		protected.POST("/projects/:id/facts", projectHandler.CreateFact)
 		protected.PUT("/projects/:id/facts/:factId", projectHandler.UpdateFact)
 		protected.DELETE("/projects/:id/facts/:factId", projectHandler.DeleteFact)
@@ -47,6 +47,24 @@ func (l *oneConnListener) Accept() (net.Conn, error) {
 func (l *oneConnListener) Close() error   { return nil }
 func (l *oneConnListener) Addr() net.Addr { return l.addr }

+// httpServerForTLSConn 从已有 Server 复制可服务字段，用于已握手 TLS 连接上的 HTTP 服务。
+// 不能复制整个 http.Server（内含 atomic/noCopy 字段）。
+func httpServerForTLSConn(src *http.Server) *http.Server {
+	return &http.Server{
+		Handler:                      src.Handler,
+		DisableGeneralOptionsHandler: src.DisableGeneralOptionsHandler,
+		ReadTimeout:                  src.ReadTimeout,
+		ReadHeaderTimeout:            src.ReadHeaderTimeout,
+		WriteTimeout:                 src.WriteTimeout,
+		IdleTimeout:                  src.IdleTimeout,
+		MaxHeaderBytes:               src.MaxHeaderBytes,
+		ConnState:                    src.ConnState,
+		ErrorLog:                     src.ErrorLog,
+		BaseContext:                  src.BaseContext,
+		ConnContext:                  src.ConnContext,
+	}
+}
+
 func isTLSHandshakeRecord(b byte) bool {
 	return b == 0x16
 }
@@ -172,8 +190,7 @@ func (m *mainServerMux) serveHTTPS(pc *peekedConn, localAddr net.Addr) {
 		}
 	}

-	plain := *srv
-	plain.TLSConfig = nil
+	plain := httpServerForTLSConn(srv)
 	ocl := &oneConnListener{conn: tlsConn, addr: localAddr}
 	if err := plain.Serve(ocl); err != nil && !errors.Is(err, net.ErrClosed) && !errors.Is(err, http.ErrServerClosed) {
 		m.logger.Debug("HTTPS 连接处理结束", zap.Error(err))
@@ -0,0 +1,48 @@
+package c2
+
+import (
+	"encoding/base64"
+	"strings"
+	"unicode/utf8"
+
+	"golang.org/x/text/encoding/simplifiedchinese"
+	"golang.org/x/text/transform"
+)
+
+// NormalizeConsoleOutput 将 implant/Shell 原始控制台字节转为 UTF-8 文本。
+// osTag 来自会话的 os 字段（如 windows / Windows 10）；空值时按 auto 处理。
+func NormalizeConsoleOutput(raw []byte, osTag string) string {
+	if len(raw) == 0 {
+		return ""
+	}
+	osTag = strings.ToLower(strings.TrimSpace(osTag))
+	isWindows := strings.Contains(osTag, "windows")
+
+	if utf8.Valid(raw) {
+		return string(raw)
+	}
+	if isWindows {
+		if out, _, err := transform.Bytes(simplifiedchinese.GB18030.NewDecoder(), raw); err == nil {
+			return string(out)
+		}
+	}
+	// 非 Windows 或解码失败：GB18030 兜底（覆盖 GBK）
+	if out, _, err := transform.Bytes(simplifiedchinese.GB18030.NewDecoder(), raw); err == nil {
+		return string(out)
+	}
+	return string(raw)
+}
+
+// ResolveTaskResultText 合并 beacon 回传的 Output/OutputB64（及 Error/ErrorB64），按会话 OS 解码。
+func ResolveTaskResultText(plain, b64, sessionOS string) string {
+	if strings.TrimSpace(b64) != "" {
+		raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(b64))
+		if err == nil {
+			return NormalizeConsoleOutput(raw, sessionOS)
+		}
+	}
+	if plain == "" {
+		return ""
+	}
+	return NormalizeConsoleOutput([]byte(plain), sessionOS)
+}
@@ -0,0 +1,51 @@
+package c2
+
+import (
+	"encoding/base64"
+	"testing"
+
+	"golang.org/x/text/encoding/simplifiedchinese"
+	"golang.org/x/text/transform"
+)
+
+func mustGBK(t *testing.T, s string) []byte {
+	t.Helper()
+	out, _, err := transform.Bytes(simplifiedchinese.GBK.NewEncoder(), []byte(s))
+	if err != nil {
+		t.Fatal(err)
+	}
+	return out
+}
+
+func TestNormalizeConsoleOutput_WindowsGBK(t *testing.T) {
+	raw := mustGBK(t, "中文测试")
+	got := NormalizeConsoleOutput(raw, "windows")
+	if got != "中文测试" {
+		t.Fatalf("got %q want 中文测试", got)
+	}
+}
+
+func TestNormalizeConsoleOutput_UTF8Passthrough(t *testing.T) {
+	raw := []byte("hello 世界")
+	got := NormalizeConsoleOutput(raw, "linux")
+	if got != "hello 世界" {
+		t.Fatalf("got %q", got)
+	}
+}
+
+func TestResolveTaskResultText_PrefersB64(t *testing.T) {
+	raw := mustGBK(t, "采购订单")
+	b64 := base64.StdEncoding.EncodeToString(raw)
+	got := ResolveTaskResultText("", b64, "windows")
+	if got != "采购订单" {
+		t.Fatalf("got %q", got)
+	}
+}
+
+func TestResolveTaskResultText_PlainFallback(t *testing.T) {
+	raw := mustGBK(t, "测试")
+	got := ResolveTaskResultText(string(raw), "", "windows")
+	if got != "测试" {
+		t.Fatalf("got %q", got)
+	}
+}
@@ -367,6 +367,7 @@ func (l *HTTPBeaconListener) handleFileServe(w http.ResponseWriter, r *http.Requ
 	}
 	prefix := l.cfg.BeaconFilePath
 	taskID := strings.TrimPrefix(r.URL.Path, prefix)
+	taskID = strings.TrimSuffix(taskID, ".bin")
 	if taskID == "" || strings.Contains(taskID, "/") || strings.Contains(taskID, "\\") || strings.Contains(taskID, "..") {
 		l.disguisedReject(w)
 		return
@@ -2,10 +2,12 @@ package c2

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"io"
 	"net"
 	"net/http"
+	"os"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -127,3 +129,101 @@ func TestHTTPBeaconListener_CheckInMatrix(t *testing.T) {
 		}
 	})
 }
+
+func TestHTTPBeaconListener_HandleFileServe(t *testing.T) {
+	tmp := t.TempDir()
+	dbPath := filepath.Join(tmp, "c2.sqlite")
+	db, err := database.NewDB(dbPath, zap.NewNop())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() { _ = db.Close() })
+
+	lnPick, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	port := lnPick.Addr().(*net.TCPAddr).Port
+	_ = lnPick.Close()
+
+	keyB64, err := GenerateAESKey()
+	if err != nil {
+		t.Fatal(err)
+	}
+	token := "test-implant-token-file"
+
+	lid := "l_testhttpfile01"
+	rec := &database.C2Listener{
+		ID:            lid,
+		Name:          "t",
+		Type:          string(ListenerTypeHTTPBeacon),
+		BindHost:      "127.0.0.1",
+		BindPort:      port,
+		EncryptionKey: keyB64,
+		ImplantToken:  token,
+		Status:        "stopped",
+		ConfigJSON:    `{"beacon_file_path":"/file/"}`,
+		CreatedAt:     time.Now(),
+	}
+	if err := db.CreateC2Listener(rec); err != nil {
+		t.Fatal(err)
+	}
+
+	store := filepath.Join(tmp, "c2store")
+	m := NewManager(db, zap.NewNop(), store)
+	m.Registry().Register(string(ListenerTypeHTTPBeacon), NewHTTPBeaconListener)
+	if _, err := m.StartListener(lid); err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() { _ = m.StopListener(lid) })
+
+	fileID := "f_testfile123"
+	downDir := filepath.Join(store, "downstream")
+	if err := os.MkdirAll(downDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	want := []byte("upload-payload-bytes")
+	if err := os.WriteFile(filepath.Join(downDir, fileID+".bin"), want, 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	base := "http://127.0.0.1:" + strconv.Itoa(port)
+	client := &http.Client{Timeout: 5 * time.Second}
+
+	for _, path := range []string{"/file/" + fileID, "/file/" + fileID + ".bin"} {
+		t.Run(path, func(t *testing.T) {
+			req, _ := http.NewRequest(http.MethodGet, base+path, nil)
+			req.Header.Set("X-Implant-Token", token)
+			resp, err := client.Do(req)
+			if err != nil {
+				t.Fatal(err)
+			}
+			defer resp.Body.Close()
+			if resp.StatusCode != http.StatusOK {
+				b, _ := io.ReadAll(resp.Body)
+				t.Fatalf("status=%d body=%q", resp.StatusCode, b)
+			}
+			raw, err := io.ReadAll(resp.Body)
+			if err != nil {
+				t.Fatal(err)
+			}
+			plain, err := DecryptAESGCM(keyB64, string(raw))
+			if err != nil {
+				t.Fatal(err)
+			}
+			var out struct {
+				FileData string `json:"file_data"`
+			}
+			if err := json.Unmarshal(plain, &out); err != nil {
+				t.Fatal(err)
+			}
+			got, err := base64.StdEncoding.DecodeString(out.FileData)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if !bytes.Equal(got, want) {
+				t.Fatalf("got %q want %q", got, want)
+			}
+		})
+	}
+}
@@ -638,10 +638,18 @@ func (m *Manager) IngestTaskResult(report TaskResultReport) error {
 		status = string(TaskFailed)
 	}
 	duration := endedAt.Sub(startedAt).Milliseconds()
+
+	sessionOS := ""
+	if sess, serr := m.db.GetC2Session(t.SessionID); serr == nil && sess != nil {
+		sessionOS = sess.OS
+	}
+	resultText := ResolveTaskResultText(report.Output, report.OutputB64, sessionOS)
+	errText := ResolveTaskResultText(report.Error, report.ErrorB64, sessionOS)
+
 	upd := database.C2TaskUpdate{
 		Status:      &status,
-		ResultText:  &report.Output,
-		Error:       &report.Error,
+		ResultText:  &resultText,
+		Error:       &errText,
 		StartedAt:   &startedAt,
 		CompletedAt: &endedAt,
 		DurationMS:  &duration,
@@ -661,8 +669,8 @@ func (m *Manager) IngestTaskResult(report TaskResultReport) error {
 		return err
 	}
 	t.Status = status
-	t.ResultText = report.Output
-	t.Error = report.Error
+	t.ResultText = resultText
+	t.Error = errText

 	level := "info"
 	msg := fmt.Sprintf("任务完成: %s", t.TaskType)
@@ -45,6 +45,7 @@ import (
 	"strings"
 	"sync"
 	"time"
+	"unicode/utf8"
 )

 // 编译期注入常量（text/template 替换）
@@ -101,7 +102,9 @@ type TaskReport struct {
 	TaskID     string `json:"task_id"`
 	Success    bool   `json:"success"`
 	Output     string `json:"output,omitempty"`
+	OutputB64  string `json:"output_b64,omitempty"`
 	Error      string `json:"error,omitempty"`
+	ErrorB64   string `json:"error_b64,omitempty"`
 	BlobBase64 string `json:"blob_b64,omitempty"`
 	BlobSuffix string `json:"blob_suffix,omitempty"`
 	StartedAt  int64  `json:"started_at"`
@@ -326,16 +329,7 @@ func handleTaskSyncTCP(conn net.Conn, env TaskEnv) {
 	defer func() { tcpTaskConn = nil }()
 	start := time.Now()
 	output, blobB64, blobSuffix, errMsg := executeTask(env.TaskType, env.Payload)
-	report := TaskReport{
-		TaskID:     env.TaskID,
-		Success:    errMsg == "",
-		Output:     output,
-		Error:      errMsg,
-		BlobBase64: blobB64,
-		BlobSuffix: blobSuffix,
-		StartedAt:  start.UnixMilli(),
-		EndedAt:    time.Now().UnixMilli(),
-	}
+	report := buildTaskReport(env.TaskID, output, errMsg, blobB64, blobSuffix, start, time.Now())
 	tcpReportResult(conn, report)
 }

@@ -367,7 +361,8 @@ func fetchC2FileByID(fileID string) ([]byte, error) {
 	if tcpTaskConn != nil {
 		return tcpFetchEncryptedFile(tcpTaskConn, fileID)
 	}
-	url := fmt.Sprintf("%s%s%s.bin", serverURL, filePath, fileID)
+	// 服务端 handleFileServe 会在 downstream/<file_id>.bin 读取；URL 路径应为 /file/<file_id>，勿重复 .bin
+	url := fmt.Sprintf("%s%s%s", serverURL, filePath, fileID)
 	req, _ := http.NewRequest("GET", url, nil)
 	req.Header.Set("User-Agent", userAgent)
 	req.Header.Set("X-Implant-Token", implantToken)
@@ -635,20 +630,39 @@ func decryptGCM(cipherText string) ([]byte, error) {
 	return gcm.Open(nil, nonce, ct, nil)
 }

+func encodeReportText(s string) (plain, b64 string) {
+	if s == "" {
+		return "", ""
+	}
+	b := []byte(s)
+	if utf8.Valid(b) {
+		return s, ""
+	}
+	return "", base64.StdEncoding.EncodeToString(b)
+}
+
+func buildTaskReport(taskID, output, errMsg, blobB64, blobSuffix string, start, end time.Time) TaskReport {
+	outText, outB64 := encodeReportText(output)
+	errText, errB64 := encodeReportText(errMsg)
+	return TaskReport{
+		TaskID:     taskID,
+		Success:    errMsg == "",
+		Output:     outText,
+		OutputB64:  outB64,
+		Error:      errText,
+		ErrorB64:   errB64,
+		BlobBase64: blobB64,
+		BlobSuffix: blobSuffix,
+		StartedAt:  start.UnixMilli(),
+		EndedAt:    end.UnixMilli(),
+	}
+}
+
 func handleTaskAsync(env TaskEnv) {
 	defer func() { _ = recover() }()
 	start := time.Now()
 	output, blobB64, blobSuffix, errMsg := executeTask(env.TaskType, env.Payload)
-	report := TaskReport{
-		TaskID:     env.TaskID,
-		Success:    errMsg == "",
-		Output:     output,
-		Error:      errMsg,
-		BlobBase64: blobB64,
-		BlobSuffix: blobSuffix,
-		StartedAt:  start.UnixMilli(),
-		EndedAt:    time.Now().UnixMilli(),
-	}
+	report := buildTaskReport(env.TaskID, output, errMsg, blobB64, blobSuffix, start, time.Now())
 	reportResult(report)
 }

@@ -890,12 +904,26 @@ func taskKillProc(payload map[string]interface{}) (string, string, string, strin
 	return "killed", "", "", ""
 }

+func normalizeRemotePath(p string) string {
+	p = strings.TrimSpace(p)
+	if p == "" || runtime.GOOS != "windows" {
+		return p
+	}
+	// 控制台可能下发 /d:/path/file（Unix 风格），Windows 需转为 d:\path\file
+	p = strings.ReplaceAll(p, "\\", "/")
+	if len(p) >= 3 && p[0] == '/' && p[2] == ':' {
+		p = p[1:]
+	}
+	return filepath.FromSlash(p)
+}
+
 func taskUpload(payload map[string]interface{}) (string, string, string, string) {
 	remotePath, _ := payload["remote_path"].(string)
 	fileID, _ := payload["file_id"].(string)
 	if remotePath == "" || fileID == "" {
 		return "", "", "", "remote_path or file_id empty"
 	}
+	remotePath = normalizeRemotePath(remotePath)
 	data, err := fetchC2FileByID(fileID)
 	if err != nil {
 		return "", "", "", err.Error()
@@ -209,7 +209,9 @@ type TaskResultReport struct {
 	TaskID     string `json:"task_id"`
 	Success    bool   `json:"success"`
 	Output     string `json:"output,omitempty"`
+	OutputB64  string `json:"output_b64,omitempty"` // 原始控制台字节（base64），避免 JSON 破坏非 UTF-8 输出
 	Error      string `json:"error,omitempty"`
+	ErrorB64   string `json:"error_b64,omitempty"`
 	BlobBase64 string `json:"blob_b64,omitempty"` // 如截图二进制
 	BlobSuffix string `json:"blob_suffix,omitempty"` // 如 ".png"
 	StartedAt  int64  `json:"started_at"`
@@ -240,6 +240,8 @@ type MultiAgentEinoMiddlewareConfig struct {
 	SummarizationTriggerRatio float64 `yaml:"summarization_trigger_ratio,omitempty" json:"summarization_trigger_ratio,omitempty"`
 	// SummarizationEmitInternalEvents controls middleware internal event emission (default true).
 	SummarizationEmitInternalEvents *bool `yaml:"summarization_emit_internal_events,omitempty" json:"summarization_emit_internal_events,omitempty"`
+	// SummarizationRetryMaxAttempts is extra retries after the first summarization Generate attempt; 0 = default 3.
+	SummarizationRetryMaxAttempts int `yaml:"summarization_retry_max_attempts,omitempty" json:"summarization_retry_max_attempts,omitempty"`
 	// PlanExecuteUserInputBudgetRatio caps planner/replanner/executor userInput prompt budget ratio (default 0.35).
 	PlanExecuteUserInputBudgetRatio float64 `yaml:"plan_execute_user_input_budget_ratio,omitempty" json:"plan_execute_user_input_budget_ratio,omitempty"`
 	// PlanExecuteExecutedStepsBudgetRatio caps executed_steps prompt budget ratio (default 0.2).
@@ -77,7 +77,7 @@ func (db *DB) LoadAttackChainNodes(conversationID string) ([]AttackChainNode, er
 		SELECT id, node_type, node_name, tool_execution_id, metadata, risk_score
 		FROM attack_chain_nodes
 		WHERE conversation_id = ?
-		ORDER BY created_at ASC
+		ORDER BY created_at ASC, rowid ASC
 	`

 	rows, err := db.Query(query, conversationID)
@@ -123,7 +123,7 @@ func (db *DB) LoadAttackChainEdges(conversationID string) ([]AttackChainEdge, er
 		SELECT id, source_node_id, target_node_id, edge_type, weight
 		FROM attack_chain_edges
 		WHERE conversation_id = ?
-		ORDER BY created_at ASC
+		ORDER BY created_at ASC, rowid ASC
 	`

 	rows, err := db.Query(query, conversationID)
@@ -840,7 +840,7 @@ func (db *DB) PopQueuedC2Tasks(sessionID string, limit int) ([]*C2Task, error) {
 			created_at
 		FROM c2_tasks
 		WHERE session_id = ? AND (status = 'queued' AND (approval_status = '' OR approval_status = 'approved'))
-		ORDER BY created_at ASC
+		ORDER BY created_at ASC, rowid ASC
 		LIMIT ?
 	`
 	rows, err := tx.Query(query, sessionID, limit)
@@ -361,6 +361,27 @@ func (db *DB) GetConversationLite(id string) (*Conversation, error) {
 	return &conv, nil
 }

+// CountConversations 统计对话数量。
+func (db *DB) CountConversations(search string) (int, error) {
+	var count int
+	var err error
+	if search != "" {
+		searchPattern := "%" + search + "%"
+		err = db.QueryRow(
+			`SELECT COUNT(*) FROM conversations c
+			 WHERE c.title LIKE ?
+			    OR EXISTS (SELECT 1 FROM messages m WHERE m.conversation_id = c.id AND m.content LIKE ?)`,
+			searchPattern, searchPattern,
+		).Scan(&count)
+	} else {
+		err = db.QueryRow(`SELECT COUNT(*) FROM conversations`).Scan(&count)
+	}
+	if err != nil {
+		return 0, fmt.Errorf("统计对话失败: %w", err)
+	}
+	return count, nil
+}
+
 // ListConversations 列出所有对话
 func (db *DB) ListConversations(limit, offset int, search string) ([]*Conversation, error) {
 	var rows *sql.Rows
@@ -430,6 +451,73 @@ func (db *DB) ListConversations(limit, offset int, search string) ([]*Conversati
 	return conversations, nil
 }

+const ungroupedConversationsSQL = `
+	FROM conversations c
+	WHERE NOT EXISTS (
+		SELECT 1 FROM conversation_group_mappings cgm WHERE cgm.conversation_id = c.id
+	)`
+
+// CountUngroupedConversations 统计不在任何分组中的对话数量。
+func (db *DB) CountUngroupedConversations() (int, error) {
+	var count int
+	if err := db.QueryRow(`SELECT COUNT(*) ` + ungroupedConversationsSQL).Scan(&count); err != nil {
+		return 0, fmt.Errorf("统计未分组对话失败: %w", err)
+	}
+	return count, nil
+}
+
+// ListUngroupedConversations 列出不在任何分组中的对话（最近对话侧栏）。
+func (db *DB) ListUngroupedConversations(limit, offset int) ([]*Conversation, error) {
+	rows, err := db.Query(
+		`SELECT c.id, c.title, COALESCE(c.pinned, 0), c.created_at, c.updated_at, c.project_id `+
+			ungroupedConversationsSQL+`
+		 ORDER BY c.updated_at DESC
+		 LIMIT ? OFFSET ?`,
+		limit, offset,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("查询未分组对话失败: %w", err)
+	}
+	defer rows.Close()
+
+	var conversations []*Conversation
+	for rows.Next() {
+		var conv Conversation
+		var createdAt, updatedAt string
+		var pinned int
+		var projectID sql.NullString
+
+		if err := rows.Scan(&conv.ID, &conv.Title, &pinned, &createdAt, &updatedAt, &projectID); err != nil {
+			return nil, fmt.Errorf("扫描对话失败: %w", err)
+		}
+		if projectID.Valid {
+			conv.ProjectID = strings.TrimSpace(projectID.String)
+		}
+
+		var err1, err2 error
+		conv.CreatedAt, err1 = time.Parse("2006-01-02 15:04:05.999999999-07:00", createdAt)
+		if err1 != nil {
+			conv.CreatedAt, err1 = time.Parse("2006-01-02 15:04:05", createdAt)
+		}
+		if err1 != nil {
+			conv.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)
+		}
+
+		conv.UpdatedAt, err2 = time.Parse("2006-01-02 15:04:05.999999999-07:00", updatedAt)
+		if err2 != nil {
+			conv.UpdatedAt, err2 = time.Parse("2006-01-02 15:04:05", updatedAt)
+		}
+		if err2 != nil {
+			conv.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)
+		}
+
+		conv.Pinned = pinned != 0
+		conversations = append(conversations, &conv)
+	}
+
+	return conversations, rows.Err()
+}
+
 // UpdateConversationTitle 更新对话标题
 func (db *DB) UpdateConversationTitle(id, title string) error {
 	// 注意：不更新 updated_at，因为重命名操作不应该改变对话的更新时间
@@ -477,19 +565,53 @@ func (db *DB) DeleteConversation(id string) error {
 	if err != nil {
 		return fmt.Errorf("删除对话失败: %w", err)
 	}
-	// Best-effort cleanup for conversation-scoped filesystem artifacts
-	// (e.g., summarization transcript, reduction/checkpoint files under conversation_artifacts/<id>).
-	if base := strings.TrimSpace(db.conversationArtifactsDir); base != "" {
-		artDir := filepath.Join(base, id)
-		if rmErr := os.RemoveAll(artDir); rmErr != nil {
-			db.logger.Warn("删除会话 artifacts 目录失败", zap.String("conversationId", id), zap.String("dir", artDir), zap.Error(rmErr))
-		}
-	}
+	db.removeConversationScopedDirs(id)

 	db.logger.Info("对话及其所有相关数据已删除", zap.String("conversationId", id))
 	return nil
 }

+func sanitizeConversationPathSegment(s string) string {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return "default"
+	}
+	s = strings.ReplaceAll(s, string(filepath.Separator), "-")
+	s = strings.ReplaceAll(s, "/", "-")
+	s = strings.ReplaceAll(s, "\\", "-")
+	s = strings.ReplaceAll(s, "..", "__")
+	if len(s) > 180 {
+		s = s[:180]
+	}
+	return s
+}
+
+func (db *DB) removeConversationScopedDir(base, conversationID, label string) {
+	base = strings.TrimSpace(base)
+	if base == "" {
+		return
+	}
+	dir := filepath.Join(base, sanitizeConversationPathSegment(conversationID))
+	if rmErr := os.RemoveAll(dir); rmErr != nil {
+		if db.logger != nil {
+			db.logger.Warn("删除会话目录失败",
+				zap.String("conversationId", conversationID),
+				zap.String("kind", label),
+				zap.String("dir", dir),
+				zap.Error(rmErr))
+		}
+	}
+}
+
+func (db *DB) removeConversationScopedDirs(conversationID string) {
+	// summarization transcript, reduction files, etc.
+	db.removeConversationScopedDir(db.conversationArtifactsDir, conversationID, "conversation_artifacts")
+	// Eino plantask JSON boards (skills_dir/.eino/plantask/<id>/).
+	db.removeConversationScopedDir(db.einoPlantaskBaseDir, conversationID, "plantask")
+	// Eino ADK runner checkpoints (checkpoint_dir/<id>/).
+	db.removeConversationScopedDir(db.einoCheckpointBaseDir, conversationID, "eino_checkpoint")
+}
+
 // SaveAgentTrace 保存最后一轮代理消息轨迹与助手输出摘要。
 // SQLite 列名仍为 last_react_input / last_react_output，与历史库表兼容；语义上为「全模式代理轨迹」，非仅 ReAct。
 func (db *DB) SaveAgentTrace(conversationID, traceInputJSON, assistantOutput string) error {
@@ -604,7 +726,7 @@ func (db *DB) UpdateAssistantMessageFinalize(messageID, content string, mcpExecu
 // GetMessages 获取对话的所有消息
 func (db *DB) GetMessages(conversationID string) ([]Message, error) {
 	rows, err := db.Query(
-		"SELECT id, conversation_id, role, content, reasoning_content, mcp_execution_ids, created_at, updated_at FROM messages WHERE conversation_id = ? ORDER BY created_at ASC",
+		"SELECT id, conversation_id, role, content, reasoning_content, mcp_execution_ids, created_at, updated_at FROM messages WHERE conversation_id = ? ORDER BY created_at ASC, rowid ASC",
 		conversationID,
 	)
 	if err != nil {
@@ -799,7 +921,7 @@ func (db *DB) AddProcessDetail(messageID, conversationID, eventType, message str
 // GetProcessDetails 获取消息的过程详情
 func (db *DB) GetProcessDetails(messageID string) ([]ProcessDetail, error) {
 	rows, err := db.Query(
-		"SELECT id, message_id, conversation_id, event_type, message, data, created_at FROM process_details WHERE message_id = ? ORDER BY created_at ASC",
+		"SELECT id, message_id, conversation_id, event_type, message, data, created_at FROM process_details WHERE message_id = ? ORDER BY created_at ASC, rowid ASC",
 		messageID,
 	)
 	if err != nil {
@@ -835,7 +957,7 @@ func (db *DB) GetProcessDetails(messageID string) ([]ProcessDetail, error) {
 // GetProcessDetailsByConversation 获取对话的所有过程详情（按消息分组）
 func (db *DB) GetProcessDetailsByConversation(conversationID string) (map[string][]ProcessDetail, error) {
 	rows, err := db.Query(
-		"SELECT id, message_id, conversation_id, event_type, message, data, created_at FROM process_details WHERE conversation_id = ? ORDER BY created_at ASC",
+		"SELECT id, message_id, conversation_id, event_type, message, data, created_at FROM process_details WHERE conversation_id = ? ORDER BY created_at ASC, rowid ASC",
 		conversationID,
 	)
 	if err != nil {
@@ -0,0 +1,57 @@
+package database
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"go.uber.org/zap"
+)
+
+func TestDeleteConversationRemovesEinoScopedDirs(t *testing.T) {
+	tmp := t.TempDir()
+	dbPath := filepath.Join(tmp, "conversations.db")
+	db, err := NewDB(dbPath, zap.NewNop())
+	if err != nil {
+		t.Fatalf("NewDB: %v", err)
+	}
+	defer db.Close()
+
+	plantaskBase := filepath.Join(tmp, "skills", ".eino", "plantask")
+	checkpointBase := filepath.Join(tmp, "eino-checkpoints")
+	db.SetEinoConversationDirs(plantaskBase, checkpointBase)
+
+	conv, err := db.CreateConversation("cleanup test", ConversationCreateMeta{})
+	if err != nil {
+		t.Fatalf("CreateConversation: %v", err)
+	}
+	convID := conv.ID
+	seg := sanitizeConversationPathSegment(convID)
+	for _, base := range []struct {
+		root string
+		file string
+	}{
+		{db.conversationArtifactsDir, "transcript.txt"},
+		{plantaskBase, "task-1.json"},
+		{checkpointBase, "runner-deep.ckpt"},
+	} {
+		dir := filepath.Join(base.root, seg)
+		if err := os.MkdirAll(dir, 0o755); err != nil {
+			t.Fatalf("mkdir %s: %v", dir, err)
+		}
+		if err := os.WriteFile(filepath.Join(dir, base.file), []byte("x"), 0o644); err != nil {
+			t.Fatalf("write %s: %v", base.file, err)
+		}
+	}
+
+	if err := db.DeleteConversation(convID); err != nil {
+		t.Fatalf("DeleteConversation: %v", err)
+	}
+
+	for _, base := range []string{db.conversationArtifactsDir, plantaskBase, checkpointBase} {
+		dir := filepath.Join(base, seg)
+		if _, statErr := os.Stat(dir); !os.IsNotExist(statErr) {
+			t.Fatalf("expected removed dir %s, stat err=%v", dir, statErr)
+		}
+	}
+}
@@ -49,6 +49,8 @@ type DB struct {
 	*sql.DB
 	logger                   *zap.Logger
 	conversationArtifactsDir string
+	einoPlantaskBaseDir      string // skills_dir + plantask_rel_dir (per-conversation subdirs)
+	einoCheckpointBaseDir    string // checkpoint_dir root (per-conversation subdirs)
 	checkpointLoopName       string
 	checkpointStop           chan struct{}
 	checkpointDone           chan struct{}
@@ -155,6 +157,16 @@ func NewDB(dbPath string, logger *zap.Logger) (*DB, error) {
 	return database, nil
 }

+// SetEinoConversationDirs configures best-effort filesystem cleanup on DeleteConversation.
+// plantaskBase is skills_root/plantask_rel (no conversation id); checkpointBase is checkpoint_dir root.
+func (db *DB) SetEinoConversationDirs(plantaskBase, checkpointBase string) {
+	if db == nil {
+		return
+	}
+	db.einoPlantaskBaseDir = strings.TrimSpace(plantaskBase)
+	db.einoCheckpointBaseDir = strings.TrimSpace(checkpointBase)
+}
+
 // initTables 初始化数据库表
 func (db *DB) initTables() error {
 	// 创建对话表（last_react_input / last_react_output 存「代理消息轨迹」JSON 与助手摘要，列名保留以兼容已有库）
@@ -334,7 +346,6 @@ func (db *DB) initTables() error {
 		source_conversation_id TEXT,
 		source_message_id TEXT,
 		pinned INTEGER NOT NULL DEFAULT 0,
-		supersedes_fact_id TEXT,
 		related_vulnerability_id TEXT,
 		created_at DATETIME NOT NULL,
 		updated_at DATETIME NOT NULL,
@@ -342,25 +353,6 @@ func (db *DB) initTables() error {
 		UNIQUE(project_id, fact_key)
 	);`

-	createProjectFactVersionsTable := `
-	CREATE TABLE IF NOT EXISTS project_fact_versions (
-		id TEXT PRIMARY KEY,
-		fact_id TEXT NOT NULL,
-		project_id TEXT NOT NULL,
-		fact_key TEXT NOT NULL,
-		category TEXT NOT NULL DEFAULT 'note',
-		summary TEXT NOT NULL DEFAULT '',
-		body TEXT,
-		confidence TEXT NOT NULL DEFAULT 'tentative',
-		source_conversation_id TEXT,
-		source_message_id TEXT,
-		pinned INTEGER NOT NULL DEFAULT 0,
-		related_vulnerability_id TEXT,
-		archived_at DATETIME NOT NULL,
-		FOREIGN KEY (fact_id) REFERENCES project_facts(id) ON DELETE CASCADE,
-		FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE
-	);`
-
 	// 创建漏洞表
 	createVulnerabilitiesTable := `
 	CREATE TABLE IF NOT EXISTS vulnerabilities (
@@ -598,7 +590,6 @@ func (db *DB) initTables() error {
 	CREATE INDEX IF NOT EXISTS idx_project_facts_project_id ON project_facts(project_id);
 	CREATE INDEX IF NOT EXISTS idx_project_facts_confidence ON project_facts(confidence);
 	CREATE INDEX IF NOT EXISTS idx_project_facts_related_vuln ON project_facts(related_vulnerability_id);
-	CREATE INDEX IF NOT EXISTS idx_project_fact_versions_fact_id ON project_fact_versions(fact_id);
 	CREATE INDEX IF NOT EXISTS idx_conversations_project_id ON conversations(project_id);
 	CREATE INDEX IF NOT EXISTS idx_vulnerabilities_project_id ON vulnerabilities(project_id);
 	CREATE INDEX IF NOT EXISTS idx_batch_tasks_queue_id ON batch_tasks(queue_id);
@@ -680,10 +671,6 @@ func (db *DB) initTables() error {
 		return fmt.Errorf("创建project_facts表失败: %w", err)
 	}

-	if _, err := db.Exec(createProjectFactVersionsTable); err != nil {
-		return fmt.Errorf("创建project_fact_versions表失败: %w", err)
-	}
-
 	if _, err := db.Exec(createVulnerabilitiesTable); err != nil {
 		return fmt.Errorf("创建vulnerabilities表失败: %w", err)
 	}
@@ -754,8 +741,8 @@ func (db *DB) initTables() error {
 	if err := db.migrateProjectsTable(); err != nil {
 		db.logger.Warn("迁移projects相关表失败", zap.Error(err))
 	}
-	if err := db.migrateProjectFactVersionsTable(); err != nil {
-		db.logger.Warn("迁移project_fact_versions表失败", zap.Error(err))
+	if err := db.dropProjectFactVersionsTable(); err != nil {
+		db.logger.Warn("清理project_fact_versions表失败", zap.Error(err))
 	}

 	if err := db.migrateWebshellConnectionsTable(); err != nil {
@@ -1153,32 +1140,10 @@ func (db *DB) migrateProjectsTable() error {
 	return nil
 }

-// migrateProjectFactVersionsTable 为已有库创建事实版本表。
-func (db *DB) migrateProjectFactVersionsTable() error {
-	ddl := `
-	CREATE TABLE IF NOT EXISTS project_fact_versions (
-		id TEXT PRIMARY KEY,
-		fact_id TEXT NOT NULL,
-		project_id TEXT NOT NULL,
-		fact_key TEXT NOT NULL,
-		category TEXT NOT NULL DEFAULT 'note',
-		summary TEXT NOT NULL DEFAULT '',
-		body TEXT,
-		confidence TEXT NOT NULL DEFAULT 'tentative',
-		source_conversation_id TEXT,
-		source_message_id TEXT,
-		pinned INTEGER NOT NULL DEFAULT 0,
-		related_vulnerability_id TEXT,
-		archived_at DATETIME NOT NULL,
-		FOREIGN KEY (fact_id) REFERENCES project_facts(id) ON DELETE CASCADE,
-		FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE
-	);`
-	if _, err := db.Exec(ddl); err != nil {
-		return err
-	}
-	_, _ = db.Exec(`CREATE INDEX IF NOT EXISTS idx_project_fact_versions_fact_id ON project_fact_versions(fact_id)`)
-	_, _ = db.Exec(`CREATE INDEX IF NOT EXISTS idx_project_facts_related_vuln ON project_facts(related_vulnerability_id)`)
-	return nil
+// dropProjectFactVersionsTable 移除已废弃的事实版本归档表。
+func (db *DB) dropProjectFactVersionsTable() error {
+	_, err := db.Exec(`DROP TABLE IF EXISTS project_fact_versions`)
+	return err
 }

 // migrateVulnerabilitiesTable 迁移 vulnerabilities 表，补充标签字段
@@ -51,7 +51,6 @@ type ProjectFact struct {
 	SourceConversationID   string    `json:"source_conversation_id,omitempty"`
 	SourceMessageID        string    `json:"source_message_id,omitempty"`
 	Pinned                 bool      `json:"pinned"`
-	SupersedesFactID       string    `json:"supersedes_fact_id,omitempty"`
 	RelatedVulnerabilityID string    `json:"related_vulnerability_id,omitempty"`
 	CreatedAt              time.Time `json:"created_at"`
 	UpdatedAt              time.Time `json:"updated_at"`
@@ -112,10 +111,30 @@ func (db *DB) GetProject(id string) (*Project, error) {
 	return &p, nil
 }

+// CountProjects 统计项目数量。
+func (db *DB) CountProjects(status, search string) (int, error) {
+	query := `SELECT COUNT(*) FROM projects WHERE 1=1`
+	args := []interface{}{}
+	if s := strings.TrimSpace(status); s != "" {
+		query += " AND status = ?"
+		args = append(args, s)
+	}
+	if q := strings.TrimSpace(search); q != "" {
+		pattern := "%" + q + "%"
+		query += " AND (name LIKE ? OR COALESCE(description,'') LIKE ?)"
+		args = append(args, pattern, pattern)
+	}
+	var count int
+	if err := db.QueryRow(query, args...).Scan(&count); err != nil {
+		return 0, fmt.Errorf("统计项目失败: %w", err)
+	}
+	return count, nil
+}
+
 // ListProjects 列出项目。
-func (db *DB) ListProjects(status string, limit, offset int) ([]*Project, error) {
+func (db *DB) ListProjects(status, search string, limit, offset int) ([]*Project, error) {
 	if limit <= 0 {
-		limit = 200
+		limit = 50
 	}
 	query := `SELECT id, name, COALESCE(description,''), COALESCE(scope_json,''), status, pinned, created_at, updated_at
 		FROM projects WHERE 1=1`
@@ -124,6 +143,11 @@ func (db *DB) ListProjects(status string, limit, offset int) ([]*Project, error)
 		query += " AND status = ?"
 		args = append(args, s)
 	}
+	if q := strings.TrimSpace(search); q != "" {
+		pattern := "%" + q + "%"
+		query += " AND (name LIKE ? OR COALESCE(description,'') LIKE ?)"
+		args = append(args, pattern, pattern)
+	}
 	query += " ORDER BY pinned DESC, updated_at DESC LIMIT ? OFFSET ?"
 	args = append(args, limit, offset)

@@ -215,7 +239,7 @@ func (db *DB) SetConversationProjectID(conversationID, projectID string) error {
 func (db *DB) ListProjectFactsForIndex(projectID string, includeDeprecated bool) ([]*ProjectFact, error) {
 	query := `SELECT id, project_id, fact_key, category, summary, COALESCE(body,''), confidence,
 		COALESCE(source_conversation_id,''), COALESCE(source_message_id,''), pinned,
-		COALESCE(supersedes_fact_id,''), COALESCE(related_vulnerability_id,''), created_at, updated_at
+		COALESCE(related_vulnerability_id,''), created_at, updated_at
 		FROM project_facts WHERE project_id = ?`
 	args := []interface{}{projectID}
 	if !includeDeprecated {
@@ -237,7 +261,7 @@ func (db *DB) ListProjectFacts(projectID string, filter ProjectFactListFilter, l
 	}
 	query := `SELECT id, project_id, fact_key, category, summary, COALESCE(body,''), confidence,
 		COALESCE(source_conversation_id,''), COALESCE(source_message_id,''), pinned,
-		COALESCE(supersedes_fact_id,''), COALESCE(related_vulnerability_id,''), created_at, updated_at
+		COALESCE(related_vulnerability_id,''), created_at, updated_at
 		FROM project_facts WHERE project_id = ?`
 	args := []interface{}{projectID}
 	if c := strings.TrimSpace(filter.Category); c != "" {
@@ -276,7 +300,7 @@ func (db *DB) GetProjectFactByKey(projectID, factKey string) (*ProjectFact, erro
 	row := db.QueryRow(
 		`SELECT id, project_id, fact_key, category, summary, COALESCE(body,''), confidence,
 			COALESCE(source_conversation_id,''), COALESCE(source_message_id,''), pinned,
-			COALESCE(supersedes_fact_id,''), COALESCE(related_vulnerability_id,''), created_at, updated_at
+			COALESCE(related_vulnerability_id,''), created_at, updated_at
 		 FROM project_facts WHERE project_id = ? AND fact_key = ?`,
 		projectID, factKey,
 	)
@@ -288,7 +312,7 @@ func (db *DB) GetProjectFact(id string) (*ProjectFact, error) {
 	row := db.QueryRow(
 		`SELECT id, project_id, fact_key, category, summary, COALESCE(body,''), confidence,
 			COALESCE(source_conversation_id,''), COALESCE(source_message_id,''), pinned,
-			COALESCE(supersedes_fact_id,''), COALESCE(related_vulnerability_id,''), created_at, updated_at
+			COALESCE(related_vulnerability_id,''), created_at, updated_at
 		 FROM project_facts WHERE id = ?`, id,
 	)
 	return scanProjectFactRow(row)
@@ -327,24 +351,15 @@ func (db *DB) UpsertProjectFact(f *ProjectFact) (*ProjectFact, error) {
 		if strings.TrimSpace(f.Confidence) == "" {
 			f.Confidence = existing.Confidence
 		}
-		if projectFactContentChanged(existing, f) {
-			versionID, verr := db.InsertProjectFactVersion(existing)
-			if verr != nil {
-				return nil, verr
-			}
-			f.SupersedesFactID = versionID
-		} else if f.SupersedesFactID == "" {
-			f.SupersedesFactID = existing.SupersedesFactID
-		}
 		_, err = db.Exec(
 			`UPDATE project_facts SET category = ?, summary = ?, body = ?, confidence = ?,
 				source_conversation_id = COALESCE(?, source_conversation_id),
 				source_message_id = COALESCE(?, source_message_id),
-				pinned = ?, supersedes_fact_id = ?, related_vulnerability_id = ?, updated_at = ?
+				pinned = ?, related_vulnerability_id = ?, updated_at = ?
 			 WHERE id = ?`,
 			f.Category, f.Summary, f.Body, f.Confidence,
 			nullIfEmpty(f.SourceConversationID), nullIfEmpty(f.SourceMessageID), boolToInt(f.Pinned),
-			nullIfEmpty(f.SupersedesFactID), nullIfEmpty(f.RelatedVulnerabilityID), f.UpdatedAt, f.ID,
+			nullIfEmpty(f.RelatedVulnerabilityID), f.UpdatedAt, f.ID,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("更新事实失败: %w", err)
@@ -360,12 +375,12 @@ func (db *DB) UpsertProjectFact(f *ProjectFact) (*ProjectFact, error) {
 	_, err = db.Exec(
 		`INSERT INTO project_facts (
 			id, project_id, fact_key, category, summary, body, confidence,
-			source_conversation_id, source_message_id, pinned, supersedes_fact_id, related_vulnerability_id,
+			source_conversation_id, source_message_id, pinned, related_vulnerability_id,
 			created_at, updated_at
-		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
 		f.ID, f.ProjectID, f.FactKey, f.Category, f.Summary, f.Body, f.Confidence,
 		nullIfEmpty(f.SourceConversationID), nullIfEmpty(f.SourceMessageID), boolToInt(f.Pinned),
-		nullIfEmpty(f.SupersedesFactID), nullIfEmpty(f.RelatedVulnerabilityID),
+		nullIfEmpty(f.RelatedVulnerabilityID),
 		f.CreatedAt, f.UpdatedAt,
 	)
 	if err != nil {
@@ -440,7 +455,7 @@ func scanProjectFactRow(row *sql.Row) (*ProjectFact, error) {
 	err := row.Scan(
 		&f.ID, &f.ProjectID, &f.FactKey, &f.Category, &f.Summary, &f.Body, &f.Confidence,
 		&f.SourceConversationID, &f.SourceMessageID, &pinned,
-		&f.SupersedesFactID, &f.RelatedVulnerabilityID, &createdAt, &updatedAt,
+		&f.RelatedVulnerabilityID, &createdAt, &updatedAt,
 	)
 	if err != nil {
 		if err == sql.ErrNoRows {
@@ -461,7 +476,7 @@ func scanProjectFactFromRows(rows *sql.Rows) (*ProjectFact, error) {
 	err := rows.Scan(
 		&f.ID, &f.ProjectID, &f.FactKey, &f.Category, &f.Summary, &f.Body, &f.Confidence,
 		&f.SourceConversationID, &f.SourceMessageID, &pinned,
-		&f.SupersedesFactID, &f.RelatedVulnerabilityID, &createdAt, &updatedAt,
+		&f.RelatedVulnerabilityID, &createdAt, &updatedAt,
 	)
 	if err != nil {
 		return nil, err
@@ -0,0 +1,91 @@
+package database
+
+import (
+	"fmt"
+	"strings"
+	"time"
+)
+
+// ProjectDashboardFact 仪表盘跨项目近期事实条目。
+type ProjectDashboardFact struct {
+	ID          string    `json:"id"`
+	ProjectID   string    `json:"project_id"`
+	ProjectName string    `json:"project_name"`
+	FactKey     string    `json:"fact_key"`
+	Category    string    `json:"category"`
+	Summary     string    `json:"summary"`
+	Confidence  string    `json:"confidence"`
+	Pinned      bool      `json:"pinned"`
+	UpdatedAt   time.Time `json:"updated_at"`
+}
+
+// ProjectDashboardTotals 仪表盘项目事实汇总计数。
+type ProjectDashboardTotals struct {
+	ActiveProjects int `json:"active_projects"`
+	TotalFacts     int `json:"total_facts"`
+}
+
+// ProjectDashboardSummary 仪表盘项目情报摘要。
+type ProjectDashboardSummary struct {
+	RecentFacts []ProjectDashboardFact `json:"recent_facts"`
+	Totals      ProjectDashboardTotals `json:"totals"`
+}
+
+// GetProjectDashboardSummary 聚合跨项目近期事实（仅活跃项目、排除 deprecated）。
+func (db *DB) GetProjectDashboardSummary(factLimit int) (*ProjectDashboardSummary, error) {
+	if factLimit <= 0 {
+		factLimit = 5
+	}
+	if factLimit > 50 {
+		factLimit = 50
+	}
+
+	out := &ProjectDashboardSummary{
+		RecentFacts: []ProjectDashboardFact{},
+	}
+
+	if err := db.QueryRow(`SELECT COUNT(*) FROM projects WHERE status = 'active'`).Scan(&out.Totals.ActiveProjects); err != nil {
+		return nil, fmt.Errorf("统计活跃项目失败: %w", err)
+	}
+	if err := db.QueryRow(
+		`SELECT COUNT(*) FROM project_facts f
+		 INNER JOIN projects p ON p.id = f.project_id
+		 WHERE f.confidence != 'deprecated' AND p.status = 'active'`,
+	).Scan(&out.Totals.TotalFacts); err != nil {
+		return nil, fmt.Errorf("统计事实失败: %w", err)
+	}
+
+	rows, err := db.Query(
+		`SELECT f.id, f.project_id, p.name, f.fact_key, f.category, f.summary, f.confidence, f.pinned, f.updated_at
+		 FROM project_facts f
+		 INNER JOIN projects p ON p.id = f.project_id
+		 WHERE f.confidence != 'deprecated' AND p.status = 'active'
+		 ORDER BY f.pinned DESC, f.updated_at DESC
+		 LIMIT ?`,
+		factLimit,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("查询近期事实失败: %w", err)
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var item ProjectDashboardFact
+		var pinned int
+		var updatedAt string
+		if err := rows.Scan(
+			&item.ID, &item.ProjectID, &item.ProjectName, &item.FactKey,
+			&item.Category, &item.Summary, &item.Confidence, &pinned, &updatedAt,
+		); err != nil {
+			return nil, err
+		}
+		item.Pinned = pinned != 0
+		item.ProjectName = strings.TrimSpace(item.ProjectName)
+		item.UpdatedAt = parseDBTime(updatedAt)
+		out.RecentFacts = append(out.RecentFacts, item)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
@@ -135,54 +135,6 @@ func TestRestoreProjectFact(t *testing.T) {
 	}
 }

-func TestUpsertProjectFact_createsVersionOnContentChange(t *testing.T) {
-	dbPath := filepath.Join(t.TempDir(), "facts.db")
-	db, err := NewDB(dbPath, zap.NewNop())
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer db.Close()
-
-	proj, err := db.CreateProject(&Project{Name: "version-test"})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	created, err := db.UpsertProjectFact(&ProjectFact{
-		ProjectID: proj.ID,
-		FactKey:   "finding/xss",
-		Category:  "finding",
-		Summary:   "v1",
-		Body:      "body v1",
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if created.SupersedesFactID != "" {
-		t.Fatalf("expected no supersedes on create, got %q", created.SupersedesFactID)
-	}
-
-	updated, err := db.UpsertProjectFact(&ProjectFact{
-		ProjectID: proj.ID,
-		FactKey:   "finding/xss",
-		Summary:   "v2",
-		Body:      "body v2",
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	if updated.SupersedesFactID == "" {
-		t.Fatal("expected supersedes_fact_id after content change")
-	}
-	prev, err := db.GetProjectFactVersion(updated.SupersedesFactID)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if prev.Summary != "v1" || prev.Body != "body v1" {
-		t.Fatalf("previous version mismatch: summary=%q body=%q", prev.Summary, prev.Body)
-	}
-}
-
 func TestMergeFactBodyOnUpdate(t *testing.T) {
 	if got := mergeFactBodyOnUpdate("", "keep"); got != "keep" {
 		t.Fatalf("empty incoming: got %q", got)
@@ -1,144 +0,0 @@
-package database
-
-import (
-	"database/sql"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-// ProjectFactVersion 事实历史快照（同 fact_key 更新前归档）。
-type ProjectFactVersion struct {
-	ID                     string    `json:"id"`
-	FactID                 string    `json:"fact_id"`
-	ProjectID              string    `json:"project_id"`
-	FactKey                string    `json:"fact_key"`
-	Category               string    `json:"category"`
-	Summary                string    `json:"summary"`
-	Body                   string    `json:"body"`
-	Confidence             string    `json:"confidence"`
-	SourceConversationID   string    `json:"source_conversation_id,omitempty"`
-	SourceMessageID        string    `json:"source_message_id,omitempty"`
-	Pinned                 bool      `json:"pinned"`
-	RelatedVulnerabilityID string    `json:"related_vulnerability_id,omitempty"`
-	ArchivedAt             time.Time `json:"archived_at"`
-}
-
-// InsertProjectFactVersion 将当前事实行快照写入版本表。
-func (db *DB) InsertProjectFactVersion(f *ProjectFact) (string, error) {
-	if f == nil || f.ID == "" {
-		return "", fmt.Errorf("无效的事实记录")
-	}
-	id := uuid.New().String()
-	now := time.Now()
-	_, err := db.Exec(
-		`INSERT INTO project_fact_versions (
-			id, fact_id, project_id, fact_key, category, summary, body, confidence,
-			source_conversation_id, source_message_id, pinned, related_vulnerability_id, archived_at
-		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
-		id, f.ID, f.ProjectID, f.FactKey, f.Category, f.Summary, f.Body, f.Confidence,
-		nullIfEmpty(f.SourceConversationID), nullIfEmpty(f.SourceMessageID), boolToInt(f.Pinned),
-		nullIfEmpty(f.RelatedVulnerabilityID), now,
-	)
-	if err != nil {
-		return "", fmt.Errorf("归档事实版本失败: %w", err)
-	}
-	return id, nil
-}
-
-// GetProjectFactVersion 按版本 ID 获取快照。
-func (db *DB) GetProjectFactVersion(versionID string) (*ProjectFactVersion, error) {
-	row := db.QueryRow(
-		`SELECT id, fact_id, project_id, fact_key, category, summary, COALESCE(body,''), confidence,
-			COALESCE(source_conversation_id,''), COALESCE(source_message_id,''), pinned,
-			COALESCE(related_vulnerability_id,''), archived_at
-		 FROM project_fact_versions WHERE id = ?`, versionID,
-	)
-	return scanProjectFactVersionRow(row)
-}
-
-// ListProjectFactVersions 列出某条事实的全部历史版本（新→旧）。
-func (db *DB) ListProjectFactVersions(factID string, limit int) ([]*ProjectFactVersion, error) {
-	if limit <= 0 {
-		limit = 20
-	}
-	rows, err := db.Query(
-		`SELECT id, fact_id, project_id, fact_key, category, summary, COALESCE(body,''), confidence,
-			COALESCE(source_conversation_id,''), COALESCE(source_message_id,''), pinned,
-			COALESCE(related_vulnerability_id,''), archived_at
-		 FROM project_fact_versions WHERE fact_id = ? ORDER BY archived_at DESC LIMIT ?`,
-		factID, limit,
-	)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-	var out []*ProjectFactVersion
-	for rows.Next() {
-		v, err := scanProjectFactVersionFromRows(rows)
-		if err != nil {
-			return nil, err
-		}
-		out = append(out, v)
-	}
-	return out, rows.Err()
-}
-
-func projectFactContentChanged(existing, incoming *ProjectFact) bool {
-	if existing == nil || incoming == nil {
-		return false
-	}
-	mergedBody := mergeFactBodyOnUpdate(incoming.Body, existing.Body)
-	inCat := stringsTrimDefault(incoming.Category, existing.Category)
-	inConf := stringsTrimDefault(incoming.Confidence, existing.Confidence)
-	return existing.Summary != incoming.Summary ||
-		existing.Body != mergedBody ||
-		existing.Category != inCat ||
-		existing.Confidence != inConf
-}
-
-func stringsTrimDefault(s, fallback string) string {
-	if strings.TrimSpace(s) == "" {
-		return fallback
-	}
-	return strings.TrimSpace(s)
-}
-
-func scanProjectFactVersionRow(row *sql.Row) (*ProjectFactVersion, error) {
-	var v ProjectFactVersion
-	var pinned int
-	var archivedAt string
-	err := row.Scan(
-		&v.ID, &v.FactID, &v.ProjectID, &v.FactKey, &v.Category, &v.Summary, &v.Body, &v.Confidence,
-		&v.SourceConversationID, &v.SourceMessageID, &pinned,
-		&v.RelatedVulnerabilityID, &archivedAt,
-	)
-	if err != nil {
-		if err == sql.ErrNoRows {
-			return nil, fmt.Errorf("事实版本不存在")
-		}
-		return nil, err
-	}
-	v.Pinned = pinned != 0
-	v.ArchivedAt = parseDBTime(archivedAt)
-	return &v, nil
-}
-
-func scanProjectFactVersionFromRows(rows *sql.Rows) (*ProjectFactVersion, error) {
-	var v ProjectFactVersion
-	var pinned int
-	var archivedAt string
-	err := rows.Scan(
-		&v.ID, &v.FactID, &v.ProjectID, &v.FactKey, &v.Category, &v.Summary, &v.Body, &v.Confidence,
-		&v.SourceConversationID, &v.SourceMessageID, &pinned,
-		&v.RelatedVulnerabilityID, &archivedAt,
-	)
-	if err != nil {
-		return nil, err
-	}
-	v.Pinned = pinned != 0
-	v.ArchivedAt = parseDBTime(archivedAt)
-	return &v, nil
-}
@@ -37,7 +37,7 @@ func TestListProjectFacts_updatedAtJSON(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	projects, err := db.ListProjects("", 1, 0)
+	projects, err := db.ListProjects("", "", 1, 0)
 	if err != nil || len(projects) == 0 {
 		t.Skip("no projects")
 	}
@@ -101,7 +101,40 @@ func sameResponseStreamMeta(a, b map[string]interface{}) bool {
 	}
 	orchA, _ := a["orchestration"].(string)
 	orchB, _ := b["orchestration"].(string)
-	return strings.TrimSpace(orchA) == strings.TrimSpace(orchB)
+	if strings.TrimSpace(orchA) != strings.TrimSpace(orchB) {
+		return false
+	}
+	iterA := responseStreamIterationFromMeta(a)
+	iterB := responseStreamIterationFromMeta(b)
+	if iterA != 0 && iterB != 0 && iterA != iterB {
+		return false
+	}
+	streamA, _ := a["streamId"].(string)
+	streamB, _ := b["streamId"].(string)
+	streamA = strings.TrimSpace(streamA)
+	streamB = strings.TrimSpace(streamB)
+	if streamA != "" && streamB != "" && streamA != streamB {
+		return false
+	}
+	return true
+}
+
+func responseStreamIterationFromMeta(m map[string]interface{}) int {
+	if m == nil {
+		return 0
+	}
+	switch v := m["iteration"].(type) {
+	case int:
+		return v
+	case int32:
+		return int(v)
+	case int64:
+		return int(v)
+	case float64:
+		return int(v)
+	default:
+		return 0
+	}
 }

 func discardPlanningIfEchoesToolResult(respPlan *responsePlanAgg, toolData interface{}) {
@@ -96,18 +96,44 @@ func (h *ConversationHandler) ListConversations(c *gin.Context) {
 	limit, _ := strconv.Atoi(limitStr)
 	offset, _ := strconv.Atoi(offsetStr)

-	if limit <= 0 || limit > 100 {
+	if limit <= 0 {
 		limit = 50
 	}
+	if limit > 1000 {
+		limit = 1000
+	}

-	conversations, err := h.db.ListConversations(limit, offset, search)
+	excludeGrouped := strings.TrimSpace(search) == "" &&
+		(c.Query("exclude_grouped") == "true" || c.Query("exclude_grouped") == "1")
+
+	var conversations []*database.Conversation
+	var total int
+	var err error
+	if excludeGrouped {
+		conversations, err = h.db.ListUngroupedConversations(limit, offset)
+		if err == nil {
+			total, err = h.db.CountUngroupedConversations()
+		}
+	} else {
+		conversations, err = h.db.ListConversations(limit, offset, search)
+		if err == nil {
+			total, err = h.db.CountConversations(search)
+		}
+	}
 	if err != nil {
 		h.logger.Error("获取对话列表失败", zap.Error(err))
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
-
-	c.JSON(http.StatusOK, conversations)
+	if conversations == nil {
+		conversations = []*database.Conversation{}
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"conversations": conversations,
+		"total":         total,
+		"limit":         limit,
+		"offset":        offset,
+	})
 }

 // GetConversation 获取对话
@@ -61,12 +61,40 @@ func (h *ProjectHandler) CreateProject(c *gin.Context) {
 	c.JSON(http.StatusOK, created)
 }

+// GetDashboardSummary GET /api/projects/dashboard-summary
+func (h *ProjectHandler) GetDashboardSummary(c *gin.Context) {
+	limit, _ := strconv.Atoi(strings.TrimSpace(c.DefaultQuery("fact_limit", "5")))
+	if limit <= 0 {
+		limit = 5
+	}
+	if limit > 50 {
+		limit = 50
+	}
+	summary, err := h.db.GetProjectDashboardSummary(limit)
+	if err != nil {
+		h.logger.Error("获取项目仪表盘摘要失败", zap.Error(err))
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	if summary.RecentFacts == nil {
+		summary.RecentFacts = []database.ProjectDashboardFact{}
+	}
+	c.JSON(http.StatusOK, summary)
+}
+
 // ListProjects GET /api/projects
 func (h *ProjectHandler) ListProjects(c *gin.Context) {
 	status := c.Query("status")
-	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "200"))
+	search := c.Query("search")
+	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "50"))
 	offset, _ := strconv.Atoi(c.Query("offset"))
-	list, err := h.db.ListProjects(status, limit, offset)
+	if limit <= 0 {
+		limit = 50
+	}
+	if limit > 500 {
+		limit = 500
+	}
+	list, err := h.db.ListProjects(status, search, limit, offset)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
@@ -74,7 +102,17 @@ func (h *ProjectHandler) ListProjects(c *gin.Context) {
 	if list == nil {
 		list = []*database.Project{}
 	}
-	c.JSON(http.StatusOK, list)
+	total, err := h.db.CountProjects(status, search)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"projects": list,
+		"total":    total,
+		"limit":    limit,
+		"offset":   offset,
+	})
 }

 // GetProjectStats GET /api/projects/:id/stats
@@ -240,44 +278,6 @@ func (h *ProjectHandler) ListFacts(c *gin.Context) {
 	c.JSON(http.StatusOK, list)
 }

-// GetFactPreviousVersion GET /api/projects/:id/facts/:factId/previous-version
-func (h *ProjectHandler) GetFactPreviousVersion(c *gin.Context) {
-	existing, err := h.db.GetProjectFact(c.Param("factId"))
-	if err != nil || existing.ProjectID != c.Param("id") {
-		c.JSON(http.StatusNotFound, gin.H{"error": "事实不存在"})
-		return
-	}
-	if strings.TrimSpace(existing.SupersedesFactID) == "" {
-		c.JSON(http.StatusNotFound, gin.H{"error": "无上一版本"})
-		return
-	}
-	v, err := h.db.GetProjectFactVersion(existing.SupersedesFactID)
-	if err != nil {
-		c.JSON(http.StatusNotFound, gin.H{"error": err.Error()})
-		return
-	}
-	c.JSON(http.StatusOK, v)
-}
-
-// ListFactVersions GET /api/projects/:id/facts/:factId/versions
-func (h *ProjectHandler) ListFactVersions(c *gin.Context) {
-	existing, err := h.db.GetProjectFact(c.Param("factId"))
-	if err != nil || existing.ProjectID != c.Param("id") {
-		c.JSON(http.StatusNotFound, gin.H{"error": "事实不存在"})
-		return
-	}
-	limit, _ := strconv.Atoi(c.DefaultQuery("limit", "20"))
-	list, err := h.db.ListProjectFactVersions(existing.ID, limit)
-	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
-		return
-	}
-	if list == nil {
-		list = []*database.ProjectFactVersion{}
-	}
-	c.JSON(http.StatusOK, list)
-}
-
 // CreateFact POST /api/projects/:id/facts
 func (h *ProjectHandler) CreateFact(c *gin.Context) {
 	var req upsertFactRequest
@@ -314,7 +314,7 @@ func (h *RobotHandler) resolveProjectByIDOrName(idOrName string) (*database.Proj
 	if p, err := h.db.GetProject(idOrName); err == nil {
 		return p, ""
 	}
-	list, err := h.db.ListProjects("", 200, 0)
+	list, err := h.db.ListProjects("", "", 200, 0)
 	if err != nil {
 		return nil, "查询项目失败: " + err.Error()
 	}
@@ -353,7 +353,7 @@ func (h *RobotHandler) cmdProjects() string {
 	if !h.projectsEnabled() {
 		return "项目功能未启用（config.project.enabled）。"
 	}
-	list, err := h.db.ListProjects("", 50, 0)
+	list, err := h.db.ListProjects("", "", 50, 0)
 	if err != nil {
 		return "获取项目列表失败: " + err.Error()
 	}
@@ -176,6 +176,7 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 	lastPlanExecuteExecutor = ""
 	var reasoningStreamSeq int64
 	var einoSubReplyStreamSeq int64
+	var mainResponseStreamSeq int64
 	toolEmitSeen := make(map[string]struct{})
 	var einoMainRound int
 	var einoLastAgent string
@@ -632,6 +633,7 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 		mv := ev.Output.MessageOutput

 		if mv.IsStreaming && mv.MessageStream != nil {
+			mainStreamID := fmt.Sprintf("eino-main-%s-%d", conversationID, atomic.AddInt64(&mainResponseStreamSeq, 1))
 			streamHeaderSent := false
 			var reasoningStreamID string
 			var toolStreamFragments []schema.ToolCall
@@ -738,6 +740,8 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 											"einoRole":           "orchestrator",
 											"einoAgent":          ev.AgentName,
 											"orchestration":      orchMode,
+											"iteration":          einoMainRound,
+											"streamId":           mainStreamID,
 										})
 										streamHeaderSent = true
 									}
@@ -747,6 +751,8 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 										"einoRole":        "orchestrator",
 										"einoAgent":       ev.AgentName,
 										"orchestration":   orchMode,
+										"iteration":     einoMainRound,
+										"streamId":        mainStreamID,
 									}, mainAssistantBuf))
 									mainAssistWireAccum, _ = normalizeStreamingDelta(mainAssistWireAccum, contentDelta)
 								}
@@ -806,6 +812,8 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 										"einoRole":           "orchestrator",
 										"einoAgent":          ev.AgentName,
 										"orchestration":      orchMode,
+										"iteration":          einoMainRound,
+										"streamId":           mainStreamID,
 									})
 								}
 								progress("response_delta", eofTail, openai.WithSSEAccumulated(map[string]interface{}{
@@ -814,6 +822,8 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 									"einoRole":        "orchestrator",
 									"einoAgent":       ev.AgentName,
 									"orchestration":   orchMode,
+									"iteration":       einoMainRound,
+									"streamId":        mainStreamID,
 								}, mainAssistantBuf))
 								mainAssistWireAccum, _ = normalizeStreamingDelta(mainAssistWireAccum, eofTail)
 							}
@@ -916,6 +926,7 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 						}
 						executeStdoutDupMu.Unlock()
 						if progress != nil {
+							nonStreamID := fmt.Sprintf("eino-main-%s-%d", conversationID, atomic.AddInt64(&mainResponseStreamSeq, 1))
 							progress("response_start", "", map[string]interface{}{
 								"conversationId":     conversationID,
 								"mcpExecutionIds":    snapshotMCPIDs(),
@@ -923,6 +934,8 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 								"einoRole":           "orchestrator",
 								"einoAgent":          ev.AgentName,
 								"orchestration":      orchMode,
+								"iteration":          einoMainRound,
+								"streamId":           nonStreamID,
 							})
 							progress("response_delta", body, openai.WithSSEAccumulated(map[string]interface{}{
 								"conversationId":  conversationID,
@@ -930,6 +943,8 @@ func runEinoADKAgentLoop(ctx context.Context, args *einoADKRunLoopArgs, baseMsgs
 								"einoRole":        "orchestrator",
 								"einoAgent":       ev.AgentName,
 								"orchestration":   orchMode,
+								"iteration":       einoMainRound,
+								"streamId":        nonStreamID,
 							}, body))
 						}
 						lastAssistant = body
@@ -43,22 +43,6 @@ func sanitizeEinoPathSegment(s string) string {
 	return s
 }

-// localPlantaskBackend wraps the eino-ext local backend with plantask.Delete (Local has no Delete).
-type localPlantaskBackend struct {
-	*localbk.Local
-}
-
-func (l *localPlantaskBackend) Delete(ctx context.Context, req *plantask.DeleteRequest) error {
-	if l == nil || l.Local == nil || req == nil {
-		return nil
-	}
-	p := strings.TrimSpace(req.FilePath)
-	if p == "" {
-		return nil
-	}
-	return os.Remove(p)
-}
-
 func splitToolsForToolSearch(all []tool.BaseTool, alwaysVisible int) (static []tool.BaseTool, dynamic []tool.BaseTool, ok bool) {
 	if alwaysVisible <= 0 || len(all) <= alwaysVisible+1 {
 		return all, nil, false
@@ -238,7 +222,7 @@ func prependEinoMiddlewares(
 			if mk := os.MkdirAll(baseDir, 0o755); mk != nil {
 				return nil, nil, toolSearchActive, fmt.Errorf("plantask mkdir: %w", mk)
 			}
-			ptBE := &localPlantaskBackend{Local: einoLoc}
+			ptBE := newLocalPlantaskBackend(einoLoc)
 			pt, perr := plantask.New(ctx, &plantask.Config{Backend: ptBE, BaseDir: baseDir})
 			if perr != nil {
 				return nil, nil, toolSearchActive, fmt.Errorf("plantask: %w", perr)
@@ -117,6 +117,7 @@ func RunEinoSingleChatModelAgent(
 		},
 	}
 	httpClient = openai.NewEinoHTTPClient(&appCfg.OpenAI, httpClient)
+	openai.AttachSummarizationDiagTransport(httpClient, logger)

 	baseModelCfg := &einoopenai.ChatModelConfig{
 		APIKey:     appCfg.OpenAI.APIKey,
@@ -9,15 +9,19 @@ import (

 	"cyberstrike-ai/internal/agent"
 	"cyberstrike-ai/internal/config"
+	copenai "cyberstrike-ai/internal/openai"

 	"github.com/bytedance/sonic"
 	"github.com/cloudwego/eino/adk"
 	"github.com/cloudwego/eino/adk/middlewares/summarization"
 	"github.com/cloudwego/eino/components/model"
 	"github.com/cloudwego/eino/schema"
+	einoopenai "github.com/cloudwego/eino-ext/components/model/openai"
 	"go.uber.org/zap"
 )

+const defaultSummarizationRetryMax = 3
+
 // einoSummarizeUserInstruction：压缩历史时保留渗透测试关键信息。
 const einoSummarizeUserInstruction = `在保持所有关键安全测试信息完整的前提下压缩对话历史。

@@ -89,8 +93,32 @@ func newEinoSummarizationMiddleware(
 		}
 	}

+	retryMax := defaultSummarizationRetryMax
+	if mwCfg != nil && mwCfg.SummarizationRetryMaxAttempts > 0 {
+		retryMax = mwCfg.SummarizationRetryMaxAttempts
+	}
+
+	// ModelOptions apply only to summarization Generate (same ChatModel instance as the agent).
+	// Strip thinking/reasoning on this call path; mark requests for empty-choices diagnostics.
+	summaryModelOpts := []model.Option{
+		einoopenai.WithExtraHeader(map[string]string{
+			copenai.SummarizationRequestHeader: "1",
+		}),
+		einoopenai.WithRequestPayloadModifier(func(_ context.Context, in []*schema.Message, rawBody []byte) ([]byte, error) {
+			if logger != nil {
+				logger.Info("eino summarization generate request",
+					zap.Int("input_messages", len(in)),
+					zap.Int("payload_bytes", len(rawBody)),
+					zap.String("model", modelName),
+				)
+			}
+			return stripReasoningFromSummarizationPayload(rawBody)
+		}),
+	}
+
 	mw, err := summarization.New(ctx, &summarization.Config{
-		Model: summaryModel,
+		Model:        summaryModel,
+		ModelOptions: summaryModelOpts,
 		Trigger: &summarization.TriggerCondition{
 			ContextTokens: trigger,
 		},
@@ -102,24 +130,43 @@ func newEinoSummarizationMiddleware(
 			Enabled:   true,
 			MaxTokens: preserveMax,
 		},
+		Retry: &summarization.RetryConfig{
+			MaxRetries: &retryMax,
+			ShouldRetry: func(_ context.Context, _ adk.Message, err error) bool {
+				if err != nil && logger != nil {
+					logger.Warn("eino summarization generate attempt failed, will retry if attempts remain",
+						zap.Error(err),
+						zap.Int("max_retries", retryMax),
+					)
+				}
+				return err != nil
+			},
+		},
 		Finalize: func(ctx context.Context, originalMessages []adk.Message, summary adk.Message) ([]adk.Message, error) {
 			return summarizeFinalizeWithRecentAssistantToolTrail(ctx, originalMessages, summary, tokenCounter, recentTrailMax)
 		},
 		Callback: func(ctx context.Context, before, after adk.ChatModelAgentState) error {
-			if logger == nil {
-				return nil
+			if transcriptPath != "" && len(before.Messages) > 0 {
+				if werr := writeSummarizationTranscript(transcriptPath, before.Messages); werr != nil && logger != nil {
+					logger.Warn("eino summarization transcript 写入失败",
+						zap.String("path", transcriptPath),
+						zap.Error(werr),
+					)
+				}
+			}
+			if logger != nil {
+				beforeTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: before.Messages})
+				afterTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: after.Messages})
+				logger.Info("eino summarization 已压缩上下文",
+					zap.Int("messages_before", len(before.Messages)),
+					zap.Int("messages_after", len(after.Messages)),
+					zap.Int("tokens_before_estimated", beforeTokens),
+					zap.Int("tokens_after_estimated", afterTokens),
+					zap.Int("max_total_tokens", maxTotal),
+					zap.Int("trigger_context_tokens", trigger),
+					zap.String("transcript_file", transcriptPath),
+				)
 			}
-			beforeTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: before.Messages})
-			afterTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: after.Messages})
-			logger.Info("eino summarization 已压缩上下文",
-				zap.Int("messages_before", len(before.Messages)),
-				zap.Int("messages_after", len(after.Messages)),
-				zap.Int("tokens_before_estimated", beforeTokens),
-				zap.Int("tokens_after_estimated", afterTokens),
-				zap.Int("max_total_tokens", maxTotal),
-				zap.Int("trigger_context_tokens", trigger),
-				zap.String("transcript_file", transcriptPath),
-			)
 			return nil
 		},
 	})
@@ -295,6 +342,23 @@ func splitMessagesIntoRounds(msgs []adk.Message) []messageRound {
 	return rounds
 }

+// writeSummarizationTranscript persists pre-compaction history for read_file after summarization.
+// Eino TranscriptFilePath only embeds the path in summary text; the file must be written by the host app.
+func writeSummarizationTranscript(path string, msgs []adk.Message) error {
+	path = strings.TrimSpace(path)
+	if path == "" {
+		return nil
+	}
+	body := formatSummarizationTranscript(msgs)
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		return fmt.Errorf("mkdir transcript dir: %w", err)
+	}
+	if err := os.WriteFile(path, []byte(body), 0o600); err != nil {
+		return fmt.Errorf("write transcript: %w", err)
+	}
+	return nil
+}
+
 func einoSummarizationTokenCounter(openAIModel string) summarization.TokenCounterFunc {
 	tc := agent.NewTikTokenCounter()
 	return func(ctx context.Context, input *summarization.TokenCounterInput) (int, error) {
@@ -0,0 +1,35 @@
+package multiagent
+
+import (
+	"github.com/bytedance/sonic"
+)
+
+// stripReasoningFromSummarizationPayload removes thinking / reasoning fields from a
+// chat-completions JSON body. Applied only to summarization Generate calls via
+// model.ModelOptions on the shared ChatModel — main-agent requests are unchanged.
+func stripReasoningFromSummarizationPayload(rawBody []byte) ([]byte, error) {
+	var payload map[string]any
+	if err := sonic.Unmarshal(rawBody, &payload); err != nil {
+		return rawBody, nil
+	}
+	changed := false
+	for _, key := range []string{
+		"thinking",
+		"reasoning_effort",
+		"output_config",
+		"reasoning",
+	} {
+		if _, ok := payload[key]; ok {
+			delete(payload, key)
+			changed = true
+		}
+	}
+	if !changed {
+		return rawBody, nil
+	}
+	out, err := sonic.Marshal(payload)
+	if err != nil {
+		return rawBody, err
+	}
+	return out, nil
+}
@@ -0,0 +1,30 @@
+package multiagent
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestStripReasoningFromSummarizationPayload(t *testing.T) {
+	in := []byte(`{"model":"deepseek-chat","messages":[],"thinking":{"type":"enabled"},"reasoning_effort":"high"}`)
+	out, err := stripReasoningFromSummarizationPayload(in)
+	if err != nil {
+		t.Fatal(err)
+	}
+	s := string(out)
+	if strings.Contains(s, "thinking") || strings.Contains(s, "reasoning_effort") {
+		t.Fatalf("expected reasoning fields stripped, got %s", s)
+	}
+	if !strings.Contains(s, `"model":"deepseek-chat"`) {
+		t.Fatalf("expected model preserved, got %s", s)
+	}
+
+	plain := []byte(`{"model":"gpt-4o","messages":[]}`)
+	out2, err := stripReasoningFromSummarizationPayload(plain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(out2) != string(plain) {
+		t.Fatalf("expected unchanged payload, got %s", out2)
+	}
+}
@@ -2,6 +2,9 @@ package multiagent

 import (
 	"context"
+	"os"
+	"path/filepath"
+	"strings"
 	"testing"

 	"github.com/cloudwego/eino/adk"
@@ -343,3 +346,91 @@ func assertNoOrphanTool(t *testing.T, msgs []adk.Message) {
 		}
 	}
 }
+
+func TestWriteSummarizationTranscript(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	path := filepath.Join(dir, "summarization", "transcript.txt")
+	msgs := []adk.Message{
+		schema.UserMessage("scan target"),
+		assistantToolCallsMsg("", "tc1"),
+		schema.ToolMessage("nmap output", "tc1"),
+	}
+	if err := writeSummarizationTranscript(path, msgs); err != nil {
+		t.Fatalf("writeSummarizationTranscript: %v", err)
+	}
+	body, err := os.ReadFile(path)
+	if err != nil {
+		t.Fatalf("read transcript: %v", err)
+	}
+	text := string(body)
+	if !strings.Contains(text, "Pre-compaction session record") {
+		t.Fatalf("missing transcript header: %q", text)
+	}
+	if !strings.Contains(text, "[user]") || !strings.Contains(text, "scan target") {
+		t.Fatalf("missing user section: %q", text)
+	}
+	if !strings.Contains(text, "tool_calls:") || !strings.Contains(text, "nmap output") {
+		t.Fatalf("missing tool round: %q", text)
+	}
+}
+
+func TestSanitizeSystemContentForTranscript_BestPractice(t *testing.T) {
+	t.Parallel()
+	system := strings.Join([]string{
+		"以下是当前会话绑定的工具名称索引（仅名称，无参数 JSON Schema）。",
+		"- nmap",
+		"- nuclei",
+		"",
+		"使用规则：",
+		"1) 上表仅为名称索引",
+		"5) 不要臆造不存在的工具名。",
+		"",
+		"你是CyberStrikeAI，是一个专业的网络安全渗透测试专家。",
+		"高强度扫描要求：全力出击",
+		"",
+		"## 项目黑板索引（project: 123, id: abc）",
+		"（暂无事实）",
+		"需要写入请使用 upsert_project_fact。",
+		"",
+		"# Skills System",
+		"**How to Use Skills**",
+		"Remember: Skills make you more capable",
+	}, "\n")
+
+	out := sanitizeSystemContentForTranscript(system)
+	if strings.Contains(out, "以下是当前会话绑定的工具名称索引") {
+		t.Fatalf("tool index should be stripped: %q", out)
+	}
+	if strings.Contains(out, "- nmap") || strings.Contains(out, "高强度扫描要求") {
+		t.Fatalf("static persona should be stripped: %q", out)
+	}
+	if strings.Contains(out, "# Skills System") || strings.Contains(out, "How to Use Skills") {
+		t.Fatalf("skills boilerplate should be stripped: %q", out)
+	}
+	if !strings.Contains(out, transcriptStaticSystemOmitNote) {
+		t.Fatalf("missing omission note: %q", out)
+	}
+	if !strings.Contains(out, "## 项目黑板索引（project: 123, id: abc）") {
+		t.Fatalf("project blackboard should be kept: %q", out)
+	}
+}
+
+func TestFormatSummarizationTranscript_OmitsBloatedSystem(t *testing.T) {
+	t.Parallel()
+	msgs := []adk.Message{
+		schema.SystemMessage("以下是当前会话绑定的工具名称索引\n- nmap\n\n你是CyberStrikeAI\n## 项目黑板索引（project: p1, id: x）\n（暂无事实）\n# Skills System\nboiler"),
+		schema.UserMessage("hello"),
+		schema.AssistantMessage("reply", nil),
+	}
+	out := formatSummarizationTranscript(msgs)
+	if strings.Contains(out, "- nmap") {
+		t.Fatalf("tool list leaked into transcript: %q", out)
+	}
+	if !strings.Contains(out, "hello") || !strings.Contains(out, "reply") {
+		t.Fatalf("conversation turns missing: %q", out)
+	}
+	if !strings.Contains(out, "## 项目黑板索引（project: p1, id: x）") {
+		t.Fatalf("dynamic blackboard missing: %q", out)
+	}
+}
@@ -0,0 +1,145 @@
+package multiagent
+
+import (
+	"strings"
+
+	"github.com/cloudwego/eino/adk"
+	"github.com/cloudwego/eino/schema"
+
+	"github.com/bytedance/sonic"
+)
+
+const (
+	transcriptFileHeader = `# CyberStrikeAI summarization transcript
+# Pre-compaction session record for read_file after context compression.
+# Omits static system/tool-index/skills boilerplate; full user/assistant/tool turns below.
+
+`
+	transcriptStaticSystemOmitNote = "[static system prompt omitted — unchanged in live context after compaction]"
+	transcriptToolIndexStartMarker   = "以下是当前会话绑定的工具名称索引"
+	transcriptPersonaStartMarker     = "你是CyberStrikeAI"
+	transcriptSkillsSystemMarker     = "# Skills System"
+	transcriptProjectBlackboardMarker  = "## 项目黑板索引"
+)
+
+// formatSummarizationTranscript renders pre-compaction messages for transcript.txt.
+// Best practice: keep full user/assistant/tool turns; slim system to dynamic blocks only.
+func formatSummarizationTranscript(msgs []adk.Message) string {
+	var sb strings.Builder
+	sb.WriteString(transcriptFileHeader)
+	wrote := false
+	for _, msg := range msgs {
+		if msg == nil {
+			continue
+		}
+		switch msg.Role {
+		case schema.System:
+			body := sanitizeSystemContentForTranscript(msg.Content)
+			if strings.TrimSpace(body) == "" {
+				continue
+			}
+			if wrote {
+				sb.WriteString("\n")
+			}
+			appendTranscriptSection(&sb, schema.System, body)
+			wrote = true
+		default:
+			if wrote {
+				sb.WriteString("\n")
+			}
+			appendTranscriptMessage(&sb, msg)
+			wrote = true
+		}
+	}
+	return sb.String()
+}
+
+func sanitizeSystemContentForTranscript(content string) string {
+	content = stripToolNamesIndexFromSystem(content)
+	content = stripSkillsSystemBoilerplate(content)
+	blackboard := extractProjectBlackboardSection(content)
+
+	var sb strings.Builder
+	sb.WriteString(transcriptStaticSystemOmitNote)
+	if bb := strings.TrimSpace(blackboard); bb != "" {
+		sb.WriteString("\n\n")
+		sb.WriteString(bb)
+	}
+	return sb.String()
+}
+
+func stripToolNamesIndexFromSystem(s string) string {
+	if !strings.Contains(s, transcriptToolIndexStartMarker) {
+		return s
+	}
+	idx := strings.Index(s, transcriptPersonaStartMarker)
+	if idx < 0 {
+		return s
+	}
+	return strings.TrimSpace(s[idx:])
+}
+
+func stripSkillsSystemBoilerplate(s string) string {
+	idx := strings.Index(s, transcriptSkillsSystemMarker)
+	if idx < 0 {
+		return strings.TrimSpace(s)
+	}
+	return strings.TrimSpace(s[:idx])
+}
+
+func extractProjectBlackboardSection(s string) string {
+	idx := strings.Index(s, transcriptProjectBlackboardMarker)
+	if idx < 0 {
+		return ""
+	}
+	return strings.TrimSpace(s[idx:])
+}
+
+func appendTranscriptSection(sb *strings.Builder, role schema.RoleType, body string) {
+	sb.WriteString("--- [")
+	sb.WriteString(string(role))
+	sb.WriteString("] ---\n")
+	sb.WriteString(body)
+	if !strings.HasSuffix(body, "\n") {
+		sb.WriteByte('\n')
+	}
+}
+
+func appendTranscriptMessage(sb *strings.Builder, msg adk.Message) {
+	sb.WriteString("--- [")
+	sb.WriteString(string(msg.Role))
+	sb.WriteString("] ---\n")
+	if msg.Content != "" {
+		sb.WriteString(msg.Content)
+		if !strings.HasSuffix(msg.Content, "\n") {
+			sb.WriteByte('\n')
+		}
+	}
+	if msg.ReasoningContent != "" {
+		sb.WriteString("[reasoning]\n")
+		sb.WriteString(msg.ReasoningContent)
+		if !strings.HasSuffix(msg.ReasoningContent, "\n") {
+			sb.WriteByte('\n')
+		}
+	}
+	for _, part := range msg.UserInputMultiContent {
+		if part.Type == schema.ChatMessagePartTypeText && strings.TrimSpace(part.Text) != "" {
+			sb.WriteString(part.Text)
+			if !strings.HasSuffix(part.Text, "\n") {
+				sb.WriteByte('\n')
+			}
+		}
+	}
+	if len(msg.ToolCalls) > 0 {
+		if b, err := sonic.Marshal(msg.ToolCalls); err == nil {
+			sb.WriteString("tool_calls: ")
+			sb.Write(b)
+			sb.WriteByte('\n')
+		}
+	}
+	if msg.ToolCallID != "" {
+		sb.WriteString("tool_call_id: ")
+		sb.WriteString(msg.ToolCallID)
+		sb.WriteByte('\n')
+	}
+}
@@ -0,0 +1,71 @@
+package multiagent
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	localbk "github.com/cloudwego/eino-ext/adk/backend/local"
+	"github.com/cloudwego/eino/adk/middlewares/plantask"
+)
+
+// localPlantaskBackend adapts eino-ext local filesystem backend for Eino plantask.
+//
+// plantask TaskCreate/TaskList list a directory via LsInfo, then Read using each entry's Path.
+// local.LsInfo returns basenames only (e.g. ".highwatermark"), while local.Read expects a
+// resolvable path — causing "file not found: .highwatermark" on the second TaskCreate.
+type localPlantaskBackend struct {
+	*localbk.Local
+}
+
+func newLocalPlantaskBackend(loc *localbk.Local) *localPlantaskBackend {
+	if loc == nil {
+		return nil
+	}
+	return &localPlantaskBackend{Local: loc}
+}
+
+// LsInfo lists files under req.Path and returns absolute paths suitable for subsequent Read calls.
+func (l *localPlantaskBackend) LsInfo(ctx context.Context, req *plantask.LsInfoRequest) ([]plantask.FileInfo, error) {
+	if l == nil || l.Local == nil {
+		return nil, fmt.Errorf("plantask backend: local nil")
+	}
+	if req == nil || strings.TrimSpace(req.Path) == "" {
+		return nil, fmt.Errorf("plantask backend: list path empty")
+	}
+	files, err := l.Local.LsInfo(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	if len(files) == 0 {
+		return files, nil
+	}
+	base := filepath.Clean(req.Path)
+	out := make([]plantask.FileInfo, len(files))
+	for i, f := range files {
+		out[i] = f
+		name := strings.TrimSpace(f.Path)
+		if name == "" {
+			continue
+		}
+		if filepath.IsAbs(name) {
+			out[i].Path = filepath.Clean(name)
+			continue
+		}
+		out[i].Path = filepath.Join(base, name)
+	}
+	return out, nil
+}
+
+func (l *localPlantaskBackend) Delete(ctx context.Context, req *plantask.DeleteRequest) error {
+	if l == nil || l.Local == nil || req == nil {
+		return nil
+	}
+	p := strings.TrimSpace(req.FilePath)
+	if p == "" {
+		return nil
+	}
+	return os.Remove(p)
+}
@@ -0,0 +1,83 @@
+package multiagent
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"testing"
+
+	localbk "github.com/cloudwego/eino-ext/adk/backend/local"
+	"github.com/cloudwego/eino/adk/filesystem"
+	"github.com/cloudwego/eino/adk/middlewares/plantask"
+)
+
+func TestLocalPlantaskBackendLsInfoReturnsFullPaths(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	baseDir := t.TempDir()
+
+	loc, err := localbk.NewBackend(ctx, &localbk.Config{})
+	if err != nil {
+		t.Fatalf("NewBackend: %v", err)
+	}
+	be := newLocalPlantaskBackend(loc)
+
+	hwPath := filepath.Join(baseDir, ".highwatermark")
+	if err := os.WriteFile(hwPath, []byte("1"), 0o600); err != nil {
+		t.Fatalf("write highwatermark: %v", err)
+	}
+
+	files, err := be.LsInfo(ctx, &plantask.LsInfoRequest{Path: baseDir})
+	if err != nil {
+		t.Fatalf("LsInfo: %v", err)
+	}
+	if len(files) != 1 {
+		t.Fatalf("expected 1 file, got %d", len(files))
+	}
+	if files[0].Path != hwPath {
+		t.Fatalf("expected full path %q, got %q", hwPath, files[0].Path)
+	}
+
+	content, err := be.Read(ctx, &plantask.ReadRequest{FilePath: files[0].Path})
+	if err != nil {
+		t.Fatalf("Read via LsInfo path: %v", err)
+	}
+	if content.Content != "1" {
+		t.Fatalf("unexpected content: %q", content.Content)
+	}
+}
+
+func TestLocalPlantaskBackendSecondTaskCreateScenario(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	baseDir := t.TempDir()
+
+	loc, err := localbk.NewBackend(ctx, &localbk.Config{})
+	if err != nil {
+		t.Fatalf("NewBackend: %v", err)
+	}
+	be := newLocalPlantaskBackend(loc)
+
+	hwPath := filepath.Join(baseDir, ".highwatermark")
+	if err := loc.Write(ctx, &filesystem.WriteRequest{FilePath: hwPath, Content: "1"}); err != nil {
+		t.Fatalf("seed highwatermark: %v", err)
+	}
+
+	files, err := be.LsInfo(ctx, &plantask.LsInfoRequest{Path: baseDir})
+	if err != nil {
+		t.Fatalf("LsInfo: %v", err)
+	}
+	var hwFile string
+	for _, f := range files {
+		if filepath.Base(f.Path) == ".highwatermark" {
+			hwFile = f.Path
+			break
+		}
+	}
+	if hwFile == "" {
+		t.Fatal("highwatermark not listed")
+	}
+	if _, err := be.Read(ctx, &plantask.ReadRequest{FilePath: hwFile}); err != nil {
+		t.Fatalf("Read highwatermark (second TaskCreate path): %v", err)
+	}
+}
@@ -161,6 +161,7 @@ func RunDeepAgent(

 	// 若配置为 Claude provider，注入自动桥接 transport，对 Eino 透明走 Anthropic Messages API
 	httpClient = openai.NewEinoHTTPClient(&appCfg.OpenAI, httpClient)
+	openai.AttachSummarizationDiagTransport(httpClient, logger)

 	baseModelCfg := &einoopenai.ChatModelConfig{
 		APIKey:     appCfg.OpenAI.APIKey,
@@ -0,0 +1,88 @@
+package openai
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/bytedance/sonic"
+	"go.uber.org/zap"
+)
+
+// SummarizationRequestHeader marks chat/completion requests issued by Eino summarization
+// middleware (via model.WithExtraHeader). The diagnostic transport logs empty-choices bodies
+// only for these requests so main-agent traffic stays quiet.
+const SummarizationRequestHeader = "X-CyberStrike-Summarization"
+
+const summarizationDiagBodyMaxBytes = 8192
+
+// AttachSummarizationDiagTransport wraps client.Transport to log raw API bodies when
+// summarization receives HTTP 200 with an empty choices array.
+func AttachSummarizationDiagTransport(client *http.Client, logger *zap.Logger) {
+	if client == nil || logger == nil {
+		return
+	}
+	base := client.Transport
+	if base == nil {
+		base = http.DefaultTransport
+	}
+	client.Transport = &summarizationDiagRoundTripper{base: base, logger: logger}
+}
+
+type summarizationDiagRoundTripper struct {
+	base   http.RoundTripper
+	logger *zap.Logger
+}
+
+func (rt *summarizationDiagRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	resp, err := rt.base.RoundTrip(req)
+	if err != nil || resp == nil || resp.Body == nil {
+		return resp, err
+	}
+	if !isSummarizationRequest(req) || !strings.Contains(strings.ToLower(resp.Header.Get("Content-Type")), "json") {
+		return resp, err
+	}
+
+	body, readErr := io.ReadAll(resp.Body)
+	_ = resp.Body.Close()
+	if readErr != nil {
+		resp.Body = io.NopCloser(bytes.NewReader(nil))
+		return resp, err
+	}
+	resp.Body = io.NopCloser(bytes.NewReader(body))
+	resp.ContentLength = int64(len(body))
+
+	if rt.logger != nil && summarizationResponseEmptyChoices(body) {
+		rt.logger.Warn("eino summarization: API returned empty choices",
+			zap.Int("status", resp.StatusCode),
+			zap.Int("response_bytes", len(body)),
+			zap.String("raw_body", truncateForLog(string(body), summarizationDiagBodyMaxBytes)),
+		)
+	}
+	return resp, err
+}
+
+func isSummarizationRequest(req *http.Request) bool {
+	if req == nil {
+		return false
+	}
+	return strings.TrimSpace(req.Header.Get(SummarizationRequestHeader)) == "1"
+}
+
+func summarizationResponseEmptyChoices(body []byte) bool {
+	var parsed struct {
+		Choices []any `json:"choices"`
+	}
+	if err := sonic.Unmarshal(body, &parsed); err != nil {
+		return false
+	}
+	return len(parsed.Choices) == 0
+}
+
+func truncateForLog(s string, maxBytes int) string {
+	if maxBytes <= 0 || len(s) <= maxBytes {
+		return s
+	}
+	return s[:maxBytes] + "…(truncated)"
+}
@@ -0,0 +1,47 @@
+package openai
+
+import (
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+
+	"go.uber.org/zap"
+)
+
+type staticRoundTripper struct {
+	status int
+	body   string
+}
+
+func (s *staticRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	return &http.Response{
+		StatusCode: s.status,
+		Header:     http.Header{"Content-Type": []string{"application/json"}},
+		Body:       io.NopCloser(strings.NewReader(s.body)),
+	}, nil
+}
+
+func TestSummarizationResponseEmptyChoices(t *testing.T) {
+	if !summarizationResponseEmptyChoices([]byte(`{"choices":[]}`)) {
+		t.Fatal("expected empty choices")
+	}
+	if summarizationResponseEmptyChoices([]byte(`{"choices":[{"index":0}]}`)) {
+		t.Fatal("expected non-empty choices")
+	}
+}
+
+func TestSummarizationDiagRoundTripper_SkipsWithoutHeader(t *testing.T) {
+	client := &http.Client{
+		Transport: &summarizationDiagRoundTripper{
+			base:   &staticRoundTripper{status: 200, body: `{"choices":[]}`},
+			logger: zap.NewNop(),
+		},
+	}
+	req, _ := http.NewRequest(http.MethodPost, "https://example.com/v1/chat/completions", nil)
+	resp, err := client.Do(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	_ = resp.Body.Close()
+}
@@ -39,9 +39,9 @@ parameters:
    default: true
  - name: "form_extraction"
    type: "bool"
-    description: "启用表单提取"
+    description: "启用表单提取（-fx / -form-extraction）"
    required: false
-    flag: "-forms"
+    flag: "-fx"
    format: "flag"
    default: true
  - name: "additional_args"
@@ -50,10 +50,10 @@ parameters:
      额外的Katana参数。用于传递未在参数列表中定义的Katana选项。

      **示例值：**
-      - "--headless": 使用无头浏览器
-      - "-f": 输出格式
-      - "-o output.txt": 输出到文件
-      - "-c": 并发数
+      - "-headless": 使用无头浏览器
+      - "-output-template '{{url}}'": 自定义输出格式
+      - "-output output.txt": 输出到文件
+      - "-c 20": 并发数

      **注意事项：**
      - 多个参数用空格分隔
@@ -37,7 +37,6 @@
   Form Controls (scoped to C2 pages)
   ============================================================================ */

-#page-c2 .form-control,
 #page-c2-listeners .form-control,
 #page-c2-sessions .form-control,
 #page-c2-tasks .form-control,
@@ -61,7 +60,6 @@
    appearance: none;
 }

-#page-c2 .form-control:focus,
 #page-c2-listeners .form-control:focus,
 #page-c2-sessions .form-control:focus,
 #page-c2-tasks .form-control:focus,
@@ -73,7 +71,6 @@
    box-shadow: 0 0 0 3px var(--c2-accent-dim);
 }

-#page-c2 select.form-control,
 #page-c2-payloads select.form-control,
 .c2-modal select.form-control {
    background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 12 12'%3E%3Cpath fill='%2364748b' d='M2.5 4.5L6 8l3.5-3.5'/%3E%3C/svg%3E");
@@ -85,7 +82,6 @@
 }

 /* 原生下拉：避免 appearance:none 在部分浏览器中导致 select 无法正常展开 */
-#page-c2 select.form-control.c2-native-select,
 #page-c2-payloads select.form-control.c2-native-select,
 .c2-modal select.form-control.c2-native-select {
    appearance: auto;
@@ -94,7 +90,6 @@
    padding-right: 14px;
 }

-#page-c2 textarea.form-control,
 #page-c2-payloads textarea.form-control,
 .c2-modal textarea.form-control {
    resize: vertical;
@@ -104,7 +99,6 @@
    line-height: 1.6;
 }

-#page-c2 .form-control::placeholder,
 #page-c2-payloads .form-control::placeholder,
 .c2-modal .form-control::placeholder {
    color: var(--c2-text-muted);
@@ -140,9 +134,6 @@
   Layout
   ============================================================================ */

-.c2-layout { display: flex; flex-direction: column; height: 100%; }
-.c2-main { flex: 1; overflow-y: auto; }
-
 .c2-empty {
    display: flex;
    flex-direction: column;
@@ -171,103 +162,6 @@
    margin: 12px;
 }

-/* ============================================================================
-   Dashboard / Welcome
-   ============================================================================ */
-
-.c2-welcome {
-    text-align: center;
-    padding: 100px 24px 80px;
-    max-width: 860px;
-    margin: 0 auto;
-}
-
-.c2-welcome-icon {
-    margin-bottom: 16px;
-    animation: c2-float 4s ease-in-out infinite;
-}
-
-@keyframes c2-float {
-    0%, 100% { transform: translateY(0); }
-    50% { transform: translateY(-8px); }
-}
-
-.c2-welcome h3 {
-    font-size: 28px;
-    margin-bottom: 12px;
-    color: var(--c2-text);
-    font-weight: 800;
-    letter-spacing: -0.5px;
-}
-
-.c2-welcome p {
-    color: var(--c2-text-dim);
-    font-size: 15px;
-    line-height: 1.7;
-    margin-bottom: 48px;
-    max-width: 520px;
-    margin-left: auto;
-    margin-right: auto;
-}
-
-.c2-stats {
-    display: flex;
-    justify-content: center;
-    gap: 16px;
-    margin-bottom: 48px;
-    flex-wrap: wrap;
-}
-
-.c2-stat-item {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    padding: 28px 40px;
-    background: var(--c2-surface);
-    border-radius: var(--c2-radius);
-    border: 1.5px solid var(--c2-border);
-    min-width: 160px;
-    transition: all 0.3s ease;
-}
-
-.c2-stat-item:hover {
-    transform: translateY(-4px);
-    box-shadow: var(--c2-shadow-md);
-    border-color: var(--c2-accent);
-}
-
-.c2-stat-item:nth-child(1) .c2-stat-value { color: var(--c2-accent); }
-.c2-stat-item:nth-child(2) .c2-stat-value { color: var(--c2-green); }
-.c2-stat-item:nth-child(3) .c2-stat-value { color: var(--c2-amber); }
-
-.c2-stat-value {
-    font-size: 36px;
-    font-weight: 800;
-    line-height: 1;
-    letter-spacing: -1px;
-}
-
-.c2-stat-label {
-    font-size: 12px;
-    color: var(--c2-text-dim);
-    margin-top: 12px;
-    font-weight: 600;
-    letter-spacing: 0.3px;
-}
-
-.c2-actions {
-    display: flex;
-    gap: 12px;
-    justify-content: center;
-    flex-wrap: wrap;
-    max-width: 420px;
-    margin-inline: auto;
-}
-
-.c2-actions > button {
-    flex: 1;
-    min-width: min(100%, 160px);
-}
 /* ============================================================================
   Listener Cards
   ============================================================================ */
@@ -1532,26 +1426,7 @@
    color: var(--c2-text);
 }

-.c2-modal-close {
-    font-size: 18px;
-    cursor: pointer;
-    color: var(--c2-text-muted);
-    background: none;
-    border: none;
-    padding: 0;
-    width: 32px;
-    height: 32px;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    border-radius: var(--c2-radius-xs);
-    transition: all 0.15s;
-}
-
-.c2-modal-close:hover {
-    background: var(--c2-surface-alt);
-    color: var(--c2-text);
-}
+/* .c2-modal-close 样式见 style.css 统一关闭按钮 */

 .c2-modal-body { padding: 24px 28px; }

@@ -1590,7 +1465,6 @@
        border-right: none;
        border-bottom: 1px solid var(--c2-border);
    }
-    .c2-stats { flex-direction: column; gap: 12px; }
    .c2-payload-grid { grid-template-columns: 1fr; }
    .c2-listener-grid { grid-template-columns: 1fr; padding: 16px; }
    .c2-task-detail-grid { grid-template-columns: 1fr; }
@@ -79,7 +79,6 @@
    "settings": "System settings",
    "hitl": "Human-in-the-loop",
    "c2": "C2",
-    "c2Manage": "C2 management",
    "c2Listeners": "Listeners",
    "c2Sessions": "Sessions",
    "c2Tasks": "Tasks",
@@ -98,8 +97,13 @@
    "clickToViewTasks": "Click to view tasks",
    "clickToViewVuln": "Click to view vulnerabilities",
    "clickToViewMCP": "Click to view MCP monitor",
+    "accessOverviewTitle": "Access overview",
+    "accessTabsAria": "C2 and WebShell",
    "c2OverviewTitle": "C2 overview",
    "c2GoManage": "Open C2 →",
+    "webshellGoManage": "Open WebShell →",
+    "webshellConnections": "Active connections",
+    "webshellClickConnections": "View connections",
    "c2ListenersRunning": "Listeners running",
    "c2SessionsOnline": "Sessions online",
    "c2TasksPending": "Pending / queued tasks",
@@ -153,7 +157,14 @@
    "lastUpdated": "Last updated",
    "viewAll": "View all →",
    "recentVulns": "Recent vulnerabilities",
+    "recentFacts": "Recent facts",
    "noVulnYet": "No recent vulnerabilities",
+    "noFactsYet": "No recent facts",
+    "noFactsDesc": "In project-bound chats, the agent records targets, findings, and attack chains",
+    "createFirstProjectBtn": "Create first project",
+    "factProjectMeta": "{{project}} · {{key}}",
+    "factsAcrossProjects_one": "{{count}} active project · {{facts}} facts",
+    "factsAcrossProjects_other": "{{count}} active projects · {{facts}} facts",
    "capabilities": "Capabilities",
    "mcpTools": "MCP tools",
    "rolesLabel": "Roles",
@@ -230,6 +241,13 @@
    "newProjectCta": "+ New project",
    "projectList": "Project list",
    "searchProjectsPlaceholder": "Search projects…",
+    "paginationShow": "Show {{start}}-{{end}} of {{total}}",
+    "paginationRange": "{{start}}-{{end}}/{{total}}",
+    "paginationTotal": "{{total}} total",
+    "paginationPage": "{{page}}/{{total}}",
+    "paginationPerPage": "Per page",
+    "paginationPrev": "Previous",
+    "paginationNext": "Next",
    "selectOrCreateTitle": "Select or create a project",
    "selectOrCreateHint": "Projects share a cross-chat fact board; target, environment, auth and other facts are auto-injected in bound conversations.",
    "createFirstProject": "Create first project",
@@ -377,6 +395,7 @@
    "settingsIntroTitle": "Project settings",
    "settingsIntroHint": "Configure project metadata and Agent authorization boundary; takes effect immediately for bound conversations after saving.",
    "pinProject": "Pin project (show first in list)",
+    "pinFact": "Pin fact (prioritize in list and blackboard index)",
    "editDescriptionPlaceholder": "Targets, authorization scope, contacts, notes…",
    "scopeTitle": "Test scope",
    "scopeHint": "JSON format for Agent authorization boundary and target assets",
@@ -408,6 +427,13 @@
    "addGroup": "New group",
    "recentConversations": "Recent conversations",
    "batchManage": "Batch manage",
+    "paginationShow": "Show {{start}}-{{end}} of {{total}}",
+    "paginationRange": "{{start}}-{{end}}/{{total}}",
+    "paginationTotal": "{{total}} total",
+    "paginationPage": "{{page}}/{{total}}",
+    "paginationPerPage": "Per page",
+    "paginationPrev": "Previous",
+    "paginationNext": "Next",
    "attackChain": "Attack chain",
    "viewAttackChain": "View attack chain",
    "selectRole": "Select role",
@@ -2529,14 +2555,6 @@
    "checkboxLinkTitle": "Check to link this tool to this role"
  },
  "c2": {
-    "title": "C2 Management",
-    "welcomeTitle": "AI-Native C2 Framework",
-    "welcomeDesc": "MCP-native design: let LLM call C2 like calling nmap to complete the full chain: initial access → control → tasks → lateral movement → cleanup",
-    "statListeners": "Running Listeners",
-    "statSessions": "Online Sessions",
-    "statPending": "Pending Tasks",
-    "goListeners": "Manage Listeners",
-    "goSessions": "View Sessions",
    "clipboardCopied": "Copied to clipboard",
    "fmt": {
      "durationMs": "{{n}}ms",
@@ -79,7 +79,6 @@
    "settings": "系统设置",
    "hitl": "人机协同",
    "c2": "C2",
-    "c2Manage": "C2 管理",
    "c2Listeners": "监听器",
    "c2Sessions": "会话",
    "c2Tasks": "任务",
@@ -98,8 +97,13 @@
    "clickToViewTasks": "点击查看任务管理",
    "clickToViewVuln": "点击查看漏洞管理",
    "clickToViewMCP": "点击查看 MCP 监控",
+    "accessOverviewTitle": "接入概览",
+    "accessTabsAria": "C2 与 WebShell",
    "c2OverviewTitle": "C2 概览",
    "c2GoManage": "进入 C2 →",
+    "webshellGoManage": "进入 WebShell →",
+    "webshellConnections": "活跃连接",
+    "webshellClickConnections": "查看连接",
    "c2ListenersRunning": "运行中监听器",
    "c2SessionsOnline": "在线会话",
    "c2TasksPending": "待审 / 排队任务",
@@ -153,7 +157,13 @@
    "lastUpdated": "上次更新",
    "viewAll": "查看全部 →",
    "recentVulns": "最近漏洞",
+    "recentFacts": "近期事实",
    "noVulnYet": "暂无最近漏洞",
+    "noFactsYet": "暂无近期事实",
+    "noFactsDesc": "在绑定项目的对话中，Agent 会自动记录目标、漏洞、攻击链等事实",
+    "createFirstProjectBtn": "创建第一个项目",
+    "factProjectMeta": "{{project}} · {{key}}",
+    "factsAcrossProjects": "{{count}} 个活跃项目 · {{facts}} 条事实",
    "capabilities": "能力总览",
    "mcpTools": "MCP 工具",
    "rolesLabel": "角色",
@@ -219,6 +229,13 @@
    "newProjectCta": "+ 新建项目",
    "projectList": "项目列表",
    "searchProjectsPlaceholder": "搜索项目…",
+    "paginationShow": "显示 {{start}}-{{end}} / 共 {{total}}",
+    "paginationRange": "{{start}}-{{end}}/{{total}}",
+    "paginationTotal": "共 {{total}} 条",
+    "paginationPage": "{{page}}/{{total}}",
+    "paginationPerPage": "每页",
+    "paginationPrev": "上一页",
+    "paginationNext": "下一页",
    "selectOrCreateTitle": "选择或创建项目",
    "selectOrCreateHint": "项目用于跨对话共享「事实黑板」：目标、环境、认证等信息会在绑定项目的对话中自动注入。",
    "createFirstProject": "创建第一个项目",
@@ -366,6 +383,7 @@
    "settingsIntroTitle": "项目设置",
    "settingsIntroHint": "配置项目元数据与 Agent 授权边界，保存后即时生效于绑定对话。",
    "pinProject": "置顶项目（列表优先显示）",
+    "pinFact": "置顶事实（列表与黑板索引优先）",
    "editDescriptionPlaceholder": "测试目标、授权范围、联系人、注意事项…",
    "scopeTitle": "测试范围",
    "scopeHint": "JSON 格式，供 Agent 理解授权边界与目标资产",
@@ -397,6 +415,13 @@
    "addGroup": "新建分组",
    "recentConversations": "最近对话",
    "batchManage": "批量管理",
+    "paginationShow": "显示 {{start}}-{{end}} / 共 {{total}}",
+    "paginationRange": "{{start}}-{{end}}/{{total}}",
+    "paginationTotal": "共 {{total}} 条",
+    "paginationPage": "{{page}}/{{total}}",
+    "paginationPerPage": "每页",
+    "paginationPrev": "上一页",
+    "paginationNext": "下一页",
    "attackChain": "攻击链",
    "viewAttackChain": "查看攻击链",
    "selectRole": "选择角色",
@@ -2518,14 +2543,6 @@
    "checkboxLinkTitle": "勾选表示本角色关联使用该工具"
  },
  "c2": {
-    "title": "C2 管理",
-    "welcomeTitle": "AI-Native C2 框架",
-    "welcomeDesc": "以 MCP 工具为一等公民，让 LLM 可以像调用 nmap 一样调用 C2 完成「上线 → 控制 → 任务 → 横向 → 清场」全流程",
-    "statListeners": "运行中监听器",
-    "statSessions": "在线会话",
-    "statPending": "待审任务",
-    "goListeners": "管理监听器",
-    "goSessions": "查看会话",
    "clipboardCopied": "已复制到剪贴板",
    "fmt": {
      "durationMs": "{{n}}ms",
@@ -321,7 +321,6 @@
        }

        switch(pageId) {
-            case 'c2':
            case 'c2-listeners':
                C2.loadListeners();
                break;
@@ -370,7 +369,6 @@
                C2.profiles = pdata.profiles;
            }
            C2.renderListeners();
-            C2.updateDashboardStats();
        });
    };

@@ -736,7 +734,6 @@
        return apiRequest('GET', `${API_BASE}/sessions`).then(data => {
            C2.sessions = data.sessions || [];
            C2.renderSessions();
-            C2.updateDashboardStats();
        });
    };

@@ -1095,7 +1092,7 @@
            cursorBlink: true,
            cursorStyle: 'block',
            fontSize: 14,
-            fontFamily: 'Menlo, Monaco, "Courier New", monospace',
+            fontFamily: 'Menlo, Monaco, "Courier New", "PingFang SC", "Microsoft YaHei", monospace',
            lineHeight: 1.3,
            scrollback: 5000,
            theme: {
@@ -1480,10 +1477,32 @@
        return '/' + stack.join('/');
    };

+    /** 将 /d:/path/file 转为 Windows 远程路径 d:\path\file */
+    C2.toWindowsRemotePath = function(path) {
+        var p = String(path || '').trim().replace(/\\/g, '/');
+        if (/^\/[a-zA-Z]:\//.test(p)) {
+            p = p.slice(1);
+        }
+        return p.replace(/\//g, '\\');
+    };
+
+    C2.sessionIsWindows = function(session) {
+        if (!session) return false;
+        return String(session.os || '').toLowerCase().indexOf('windows') >= 0;
+    };
+
    C2.resolveRemotePath = function(browsePath, filename) {
        var joined = C2.joinFilePath(browsePath || '.', filename);
        if (!C2.implantPwd) return joined;
-        return C2.resolvePathAgainstPwd(C2.implantPwd, joined);
+        var resolved = C2.resolvePathAgainstPwd(C2.implantPwd, joined);
+        var session = null;
+        if (C2.selectedSessionId && C2.sessions) {
+            session = C2.sessions.find(function(s) { return s.id === C2.selectedSessionId; });
+        }
+        if (C2.sessionIsWindows(session)) {
+            return C2.toWindowsRemotePath(resolved);
+        }
+        return resolved;
    };

    C2.updateFileBreadcrumb = function(browsePath) {
@@ -2037,7 +2056,6 @@
            C2.renderTasks();
            C2.renderTasksPagination();
            C2.syncTasksToolbar();
-            C2.updateDashboardStats();
        }).catch(err => {
            showToast(err.message || String(err), 'error');
        });
@@ -2163,7 +2181,6 @@
            const tasks = data.tasks || [];
            if (typeof data.pending_queued_count === 'number') {
                C2.tasksPendingQueuedCount = data.pending_queued_count;
-                C2.updateDashboardStats();
            }
            
            if (!container) return;
@@ -2819,7 +2836,6 @@
            showToast(`[${event.category}] ${event.message}`, event.level === 'critical' ? 'error' : 'info');
        }

-        C2.updateDashboardStats();
    };

    // ============================================================================
@@ -2953,26 +2969,6 @@
        });
    };

-    // ============================================================================
-    // 仪表盘
-    // ============================================================================
-
-    C2.updateDashboardStats = function() {
-        const runningListeners = C2.listeners.filter(l => l.status === 'running').length;
-        const activeSessions = C2.sessions.filter(s => s.status === 'active').length;
-        const pendingTasks = typeof C2.tasksPendingQueuedCount === 'number'
-            ? C2.tasksPendingQueuedCount
-            : C2.tasks.filter(t => t.status === 'queued' || t.status === 'pending').length;
-
-        const elListeners = document.getElementById('c2-stat-listeners');
-        const elSessions = document.getElementById('c2-stat-sessions');
-        const elPending = document.getElementById('c2-stat-pending');
-
-        if (elListeners) elListeners.textContent = runningListeners;
-        if (elSessions) elSessions.textContent = activeSessions;
-        if (elPending) elPending.textContent = pendingTasks;
-    };
-
    // ============================================================================
    // 模态框
    // ============================================================================
@@ -2939,6 +2939,8 @@ function createConversationListItem(conversation) {
 // 处理历史记录搜索
 let conversationSearchTimer = null;
 function handleConversationSearch(query) {
+    conversationsPagination.page = 1;
+    conversationsSearchQuery = query || '';
    // 防抖处理，避免频繁请求
    if (conversationSearchTimer) {
        clearTimeout(conversationSearchTimer);
@@ -2972,6 +2974,8 @@ function clearConversationSearch() {
        clearBtn.style.display = 'none';
    }
    
+    conversationsPagination.page = 1;
+    conversationsSearchQuery = '';
    loadConversations('');
 }

@@ -3408,6 +3412,21 @@ async function deleteConversation(conversationId, skipConfirm = false) {
        } else if (typeof loadConversations === 'function') {
            loadConversations();
        }
+
+        // 批量管理弹窗打开时，同步刷新弹窗内列表
+        const batchModal = document.getElementById('batch-manage-modal');
+        if (batchModal && batchModal.style.display === 'flex') {
+            allConversationsForBatch = allConversationsForBatch.filter(c => c.id !== conversationId);
+            updateBatchManageTitle(allConversationsForBatch.length);
+            const searchInput = document.getElementById('batch-search-input');
+            const query = searchInput ? searchInput.value : '';
+            if (query && query.trim()) {
+                filterBatchConversations(query);
+            } else {
+                renderBatchConversations();
+            }
+        }
+
        // 通知其他模块（如 WebShell AI 助手）同步删除，保持列表一致
        try {
            document.dispatchEvent(new CustomEvent('conversation-deleted', { detail: { conversationId } }));
@@ -5608,6 +5627,168 @@ let groupsCache = [];
 let conversationGroupMappingCache = {};
 let pendingGroupMappings = {}; // 待保留的分组映射（用于处理后端API延迟的情况）
 let conversationsListLoadSeq = 0; // 对话列表加载序号，避免并发请求导致重复渲染
+const CONVERSATIONS_PAGE_SIZE_KEY = 'cyberstrike.conversations_page_size';
+
+function getConversationsPageSize() {
+    try {
+        const saved = parseInt(localStorage.getItem(CONVERSATIONS_PAGE_SIZE_KEY), 10);
+        if ([20, 50, 100].includes(saved)) return saved;
+    } catch (e) { /* ignore */ }
+    return 50;
+}
+
+let conversationsPagination = { page: 1, pageSize: getConversationsPageSize(), total: 0 };
+let conversationsSearchQuery = '';
+
+function parseListTotalValue(raw, itemsLength) {
+    if (typeof raw === 'number' && Number.isFinite(raw) && raw >= 0) return raw;
+    if (raw != null && raw !== '') {
+        const n = parseInt(String(raw), 10);
+        if (Number.isFinite(n) && n >= 0) return n;
+    }
+    return itemsLength;
+}
+
+function parseListOffsetValue(raw) {
+    if (typeof raw === 'number' && Number.isFinite(raw) && raw >= 0) return raw;
+    if (raw != null && raw !== '') {
+        const n = parseInt(String(raw), 10);
+        if (Number.isFinite(n) && n >= 0) return n;
+    }
+    return 0;
+}
+
+function parseConversationsListResponse(data) {
+    if (Array.isArray(data)) {
+        return { items: data, total: data.length, limit: data.length, offset: 0, isLegacyArray: true };
+    }
+    const items = data.conversations || data.items || [];
+    const arr = Array.isArray(items) ? items : [];
+    return {
+        items: arr,
+        total: parseListTotalValue(data.total, arr.length),
+        limit: parseListTotalValue(data.limit, arr.length) || arr.length,
+        offset: parseListOffsetValue(data.offset),
+        isLegacyArray: false,
+    };
+}
+
+async function resolveConversationsListTotal(params, parsed, pageSize, offset) {
+    const serverTotal = parsed.total;
+    if (!parsed.isLegacyArray && serverTotal > offset + parsed.items.length) {
+        return serverTotal;
+    }
+    if (parsed.items.length < pageSize) {
+        return Math.max(serverTotal, offset + parsed.items.length);
+    }
+    const probe = new URLSearchParams(params);
+    probe.set('offset', String(offset + pageSize));
+    probe.set('limit', '1');
+    try {
+        const res = await apiFetch(`/api/conversations?${probe}`);
+        if (!res.ok) return Math.max(serverTotal, offset + parsed.items.length);
+        const probeParsed = parseConversationsListResponse(await res.json());
+        if (probeParsed.total > serverTotal) return probeParsed.total;
+        if (probeParsed.items.length > 0) {
+            return Math.max(serverTotal, offset + pageSize + 1);
+        }
+    } catch (e) { /* ignore */ }
+    return Math.max(serverTotal, offset + parsed.items.length);
+}
+
+async function fetchAllConversations(searchQuery) {
+    let all = [];
+    const pageSize = 200;
+    let offset = 0;
+    let total = Infinity;
+    const search = (searchQuery || '').trim();
+    while (all.length < total) {
+        const params = new URLSearchParams({ limit: String(pageSize), offset: String(offset) });
+        if (search) params.set('search', search);
+        const res = await apiFetch(`/api/conversations?${params}`);
+        if (!res.ok) throw new Error('load conversations failed');
+        const parsed = parseConversationsListResponse(await res.json());
+        all = all.concat(parsed.items);
+        total = parsed.total;
+        if (!parsed.items.length) break;
+        offset += parsed.items.length;
+    }
+    return all;
+}
+
+function getConversationListEmptyHtml() {
+    return '<div class="conversations-list-empty" data-i18n="chat.noHistoryConversations"></div>';
+}
+
+function renderConversationsPagination(visibleCount) {
+    const el = document.getElementById('conversations-pagination');
+    if (!el) return;
+    const { page, pageSize, total } = conversationsPagination;
+    const count = typeof visibleCount === 'number' ? visibleCount : (conversationsPagination.visibleCount || 0);
+    conversationsPagination.visibleCount = count;
+
+    if (count === 0 || total === 0) {
+        el.innerHTML = '';
+        el.hidden = true;
+        return;
+    }
+
+    const totalPages = Math.max(1, Math.ceil(total / pageSize) || 1);
+    const navDisabled = totalPages <= 1;
+    el.hidden = false;
+    const start = (page - 1) * pageSize + 1;
+    const end = Math.min(page * pageSize, total);
+    const tFn = typeof window.t === 'function' ? window.t.bind(window) : null;
+    const infoText = tFn
+        ? tFn('chat.paginationRange', { start, end, total })
+        : `${start}-${end}/${total}`;
+    const pageText = tFn
+        ? tFn('chat.paginationPage', { page, total: totalPages })
+        : `${page}/${totalPages}`;
+    const perPageLabel = tFn ? tFn('chat.paginationPerPage') : 'Per page';
+    const prevLabel = tFn ? tFn('chat.paginationPrev') : 'Prev';
+    const nextLabel = tFn ? tFn('chat.paginationNext') : 'Next';
+    el.innerHTML = `
+        <div class="sidebar-list-pagination-inner sidebar-list-pagination-inner--compact">
+            <span class="pagination-info">${escapeHtml(infoText)}</span>
+            <div class="pagination-controls">
+                <button type="button" class="btn-icon-pagination" onclick="goConversationsPage(${page - 1})" ${page <= 1 || navDisabled ? 'disabled' : ''} title="${escapeHtml(prevLabel)}" aria-label="${escapeHtml(prevLabel)}">‹</button>
+                <span class="pagination-page">${escapeHtml(pageText)}</span>
+                <button type="button" class="btn-icon-pagination" onclick="goConversationsPage(${page + 1})" ${page >= totalPages || navDisabled ? 'disabled' : ''} title="${escapeHtml(nextLabel)}" aria-label="${escapeHtml(nextLabel)}">›</button>
+            </div>
+            <label class="pagination-page-size">
+                ${escapeHtml(perPageLabel)}
+                <select id="conversations-page-size-pagination" onchange="changeConversationsPageSize()">
+                    <option value="20" ${pageSize === 20 ? 'selected' : ''}>20</option>
+                    <option value="50" ${pageSize === 50 ? 'selected' : ''}>50</option>
+                    <option value="100" ${pageSize === 100 ? 'selected' : ''}>100</option>
+                </select>
+            </label>
+        </div>`;
+}
+
+function goConversationsPage(page) {
+    const totalPages = Math.max(1, Math.ceil((conversationsPagination.total || 0) / conversationsPagination.pageSize) || 1);
+    const next = Math.min(Math.max(1, page), totalPages);
+    if (next === conversationsPagination.page) return;
+    conversationsPagination.page = next;
+    loadConversationsWithGroups(conversationsSearchQuery);
+}
+
+function changeConversationsPageSize() {
+    const sel = document.getElementById('conversations-page-size-pagination');
+    const newSize = sel ? parseInt(sel.value, 10) : 50;
+    if (![20, 50, 100].includes(newSize)) return;
+    try {
+        localStorage.setItem(CONVERSATIONS_PAGE_SIZE_KEY, String(newSize));
+    } catch (e) { /* ignore */ }
+    conversationsPagination.pageSize = newSize;
+    conversationsPagination.page = 1;
+    loadConversationsWithGroups(conversationsSearchQuery);
+}
+
+window.goConversationsPage = goConversationsPage;
+window.changeConversationsPageSize = changeConversationsPageSize;

 // 加载分组列表
 async function loadGroups() {
@@ -5704,12 +5885,17 @@ async function loadGroups() {
 async function loadConversationsWithGroups(searchQuery = '') {
    const loadSeq = ++conversationsListLoadSeq;
    try {
-        // 并行加载分组列表、分组映射和对话列表（消除串行等待）
-        const limit = (searchQuery && searchQuery.trim()) ? 100 : 100;
-        let url = `/api/conversations?limit=${limit}`;
+        conversationsSearchQuery = searchQuery || '';
+        conversationsPagination.pageSize = getConversationsPageSize();
+        const pageSize = conversationsPagination.pageSize;
+        const offset = (conversationsPagination.page - 1) * pageSize;
+        const convParams = new URLSearchParams({ limit: String(pageSize), offset: String(offset) });
        if (searchQuery && searchQuery.trim()) {
-            url += '&search=' + encodeURIComponent(searchQuery.trim());
+            convParams.set('search', searchQuery.trim());
+        } else {
+            convParams.set('exclude_grouped', 'true');
        }
+        const url = `/api/conversations?${convParams}`;
        const [,, response] = await Promise.all([
            loadGroups(),
            loadConversationGroupMapping(),
@@ -5726,23 +5912,26 @@ async function loadConversationsWithGroups(searchQuery = '') {
        const sidebarContent = listContainer.closest('.sidebar-content');
        const savedScrollTop = sidebarContent ? sidebarContent.scrollTop : 0;

-        const emptyStateHtml = '<div style="padding: 20px; text-align: center; color: var(--text-muted); font-size: 0.875rem;" data-i18n="chat.noHistoryConversations"></div>';
+        const emptyStateHtml = getConversationListEmptyHtml();
        listContainer.innerHTML = '';

        // 如果响应不是200，显示空状态（友好处理，不显示错误）
        if (!response.ok) {
            listContainer.innerHTML = emptyStateHtml;
            if (typeof window.applyTranslations === 'function') window.applyTranslations(listContainer);
+            renderConversationsPagination(0);
            return;
        }

-        const conversations = await response.json();
+        const data = await response.json();
        if (loadSeq !== conversationsListLoadSeq) return;
+        const parsed = parseConversationsListResponse(data);
+        conversationsPagination.total = await resolveConversationsListTotal(convParams, parsed, pageSize, offset);

        // 双重保险：后端或并发情况下若出现重复ID，前端按ID去重
        const uniqueConversations = [];
        const seenConversationIds = new Set();
-        (Array.isArray(conversations) ? conversations : []).forEach(conv => {
+        parsed.items.forEach(conv => {
            if (!conv || !conv.id || seenConversationIds.has(conv.id)) {
                return;
            }
@@ -5753,6 +5942,7 @@ async function loadConversationsWithGroups(searchQuery = '') {
        if (uniqueConversations.length === 0) {
            listContainer.innerHTML = emptyStateHtml;
            if (typeof window.applyTranslations === 'function') window.applyTranslations(listContainer);
+            renderConversationsPagination(0);
            return;
        }
        
@@ -5863,15 +6053,29 @@ async function loadConversationsWithGroups(searchQuery = '') {
            fragment.appendChild(section);
        });

+        const visibleCount = pinnedConvs.length + Object.values(groups).reduce((n, arr) => n + (arr ? arr.length : 0), 0);
+        conversationsPagination.visibleCount = visibleCount;
+
+        if (!hasSearchQuery && visibleCount === 0 && parsed.items.length > 0) {
+            const totalPages = Math.max(1, Math.ceil(parsed.total / pageSize));
+            if (conversationsPagination.page < totalPages) {
+                conversationsPagination.page += 1;
+                loadConversationsWithGroups(searchQuery);
+                return;
+            }
+        }
+
        if (fragment.children.length === 0) {
            listContainer.innerHTML = emptyStateHtml;
            if (typeof window.applyTranslations === 'function') window.applyTranslations(listContainer);
+            renderConversationsPagination(0);
            return;
        }

        if (loadSeq !== conversationsListLoadSeq) return;
        listContainer.appendChild(fragment);
        updateActiveConversation();
+        renderConversationsPagination(visibleCount);
        
        // 恢复滚动位置
        if (sidebarContent) {
@@ -5888,9 +6092,9 @@ async function loadConversationsWithGroups(searchQuery = '') {
        // 错误时显示空状态，而不是错误提示（更友好的用户体验）
        const listContainer = document.getElementById('conversations-list');
        if (listContainer) {
-            const emptyStateHtml = '<div style="padding: 20px; text-align: center; color: var(--text-muted); font-size: 0.875rem;" data-i18n="chat.noHistoryConversations"></div>';
-            listContainer.innerHTML = emptyStateHtml;
+            listContainer.innerHTML = getConversationListEmptyHtml();
            if (typeof window.applyTranslations === 'function') window.applyTranslations(listContainer);
+            renderConversationsPagination(0);
        }
    }
 }
@@ -7004,15 +7208,7 @@ function updateBatchManageTitle(count) {

 async function showBatchManageModal() {
    try {
-        const response = await apiFetch('/api/conversations?limit=1000');
-        
-        // 如果响应不是200，使用空数组（友好处理，不显示错误）
-        if (!response.ok) {
-            allConversationsForBatch = [];
-        } else {
-            const data = await response.json();
-            allConversationsForBatch = Array.isArray(data) ? data : [];
-        }
+        allConversationsForBatch = await fetchAllConversations('');

        const modal = document.getElementById('batch-manage-modal');
        updateBatchManageTitle(allConversationsForBatch.length);
@@ -21,6 +21,9 @@ var dashboardState = {
    lastUpdatedAt: 0,           // 上次成功刷新的时间戳（ms）
    dismissedAlertKey: null,    // 当前会话中被用户「×」掉的告警内容指纹（同样的 reasons 不再弹）
    lastResources: null,        // 上一轮关键资源快照，用于判断是否首次有数据 / 智能 CTA
+    recentFeedTab: 'vulns',     // 最近漏洞 / 近期事实 Tab
+    accessTab: 'c2',            // 接入概览 Tab：c2 | webshell
+    lastProjectSummary: null,   // 最近一次项目仪表盘摘要（供 Tab 切换时重绘）
 };

 async function refreshDashboard() {
@@ -57,9 +60,14 @@ async function refreshDashboard() {
        hideEl('dashboard-kpi-vuln-critical-badge');
        hideEl('dashboard-alert-banner');
        setRecentVulnsLoading();
-        ['tools', 'skills', 'knowledge', 'roles', 'agents', 'webshell'].forEach(function (k) {
+        setRecentFactsLoading();
+        ['tools', 'skills', 'knowledge', 'roles', 'agents'].forEach(function (k) {
            setEl('dashboard-resource-' + k, '…');
        });
+        setEl('dashboard-webshell-connections', '…');
+        setEl('dashboard-c2-listeners-running', '…');
+        setEl('dashboard-c2-sessions-online', '…');
+        setEl('dashboard-c2-tasks-pending', '…');
        var chartPlaceholder = document.getElementById('dashboard-tools-pie-placeholder');
        if (chartPlaceholder) { chartPlaceholder.style.removeProperty('display'); chartPlaceholder.textContent = (typeof window.t === 'function' ? window.t('common.loading') : '加载中…'); }
        var barChartEl = document.getElementById('dashboard-tools-bar-chart');
@@ -104,7 +112,8 @@ async function refreshDashboard() {
            openCriticalRes, openHighRes, openMediumRes, openLowRes, toolsConfigRes,
            hitlPendingRes, notificationsRes, externalMcpStatsRes,
            webshellRes,
-            c2ListenersRes, c2SessionsRes, c2TasksRes
+            c2ListenersRes, c2SessionsRes, c2TasksRes,
+            projectSummaryRes
        ] = await Promise.all([
            fetchJson('/api/agent-loop/tasks'),
            fetchJson('/api/vulnerabilities/stats'),
@@ -112,7 +121,7 @@ async function refreshDashboard() {
            fetchJson('/api/monitor/stats'),
            fetchJson('/api/knowledge/stats'),
            fetchJson('/api/skills/stats'),
-            fetchJson('/api/vulnerabilities?limit=5&page=1'),
+            fetchJson('/api/vulnerabilities?limit=10&page=1'),
            fetchJson('/api/roles'),
            fetchJson('/api/multi-agent/markdown-agents'),
            openVulnQuery('critical'),
@@ -134,7 +143,8 @@ async function refreshDashboard() {
            // C2 仪表盘条：监听器 / 会话 / 待处理任务（任务接口含 pending_queued_count）
            fetchJson('/api/c2/listeners'),
            fetchJson('/api/c2/sessions?limit=500'),
-            fetchJson('/api/c2/tasks?page=1&page_size=1')
+            fetchJson('/api/c2/tasks?page=1&page_size=1'),
+            fetchJson('/api/projects/dashboard-summary?fact_limit=10')
        ]);

        // 如果在 await 期间 controller 已被 abort，说明又有新刷新启动了，丢弃本次结果
@@ -373,20 +383,10 @@ async function refreshDashboard() {
        } else {
            setEl('dashboard-resource-agents', '-');
        }
-        // WebShell 已建立的连接：/api/webshell/connections 直接返回数组（不带包裹），
-        // 兼容一下 { connections: [...] } 形式以防后续接口变更
-        var webshellList = null;
-        if (Array.isArray(webshellRes)) webshellList = webshellRes;
-        else if (webshellRes && Array.isArray(webshellRes.connections)) webshellList = webshellRes.connections;
-        var webshellCount = webshellList ? webshellList.length : null;
-        if (webshellCount !== null) {
-            setEl('dashboard-resource-webshell', formatNumber(webshellCount));
-        } else {
-            setEl('dashboard-resource-webshell', '-');
-        }
-
        // 最近漏洞列表
        renderRecentVulns(recentVulnsRes);
+        dashboardState.lastProjectSummary = projectSummaryRes;
+        renderRecentFacts(projectSummaryRes);

        // External MCP 健康度（同时拿到 down 数喂给 alert banner / 推荐操作）
        var externalMcpDown = renderExternalMcpHealth(externalMcpStatsRes);
@@ -397,8 +397,8 @@ async function refreshDashboard() {
        // 「最近事件」内联展示（来自通知摘要，过滤掉已经被仪表盘其他位置覆盖的类型）
        renderRecentEvents(notificationsRes);

-        // C2 概览条（监听器 / 在线会话 / 待处理任务）
-        renderDashboardC2Overview(c2ListenersRes, c2SessionsRes, c2TasksRes);
+        // 接入概览（C2 + WebShell）
+        renderDashboardAccessOverview(c2ListenersRes, c2SessionsRes, c2TasksRes, webshellRes);

        // 关键提醒条：把所有可能的告警源（漏洞/HITL/失败率/MCP健康）合并展示
        renderDashboardAlertBanner({
@@ -448,12 +448,13 @@ async function refreshDashboard() {
        setKpiSubText('dashboard-kpi-vuln-sub-text', '-');
        setKpiSubText('dashboard-kpi-tools-sub-text', '-');
        setKpiSubText('dashboard-kpi-rate-sub-text', '-');
-        ['tools', 'skills', 'knowledge', 'roles', 'agents', 'webshell'].forEach(function (k) {
+        ['tools', 'skills', 'knowledge', 'roles', 'agents'].forEach(function (k) {
            setEl('dashboard-resource-' + k, '-');
        });
-        var c2secErr = document.getElementById('dashboard-section-c2');
-        if (c2secErr) c2secErr.hidden = true;
+        var accessSecErr = document.getElementById('dashboard-section-access');
+        if (accessSecErr) accessSecErr.hidden = true;
        setRecentVulnsError();
+        setRecentFactsError();
        renderDashboardToolsBar(null);
        var ph = document.getElementById('dashboard-tools-pie-placeholder');
        if (ph) { ph.style.removeProperty('display'); ph.textContent = (typeof window.t === 'function' ? window.t('dashboard.noCallData') : '暂无调用数据'); }
@@ -467,53 +468,181 @@ async function refreshDashboard() {
    }
 }

-/** C2 概览条：依赖 /api/c2/listeners、sessions、tasks；任一路由失败则整块隐藏 */
-function renderDashboardC2Overview(listenersRes, sessionsRes, tasksRes) {
-    var section = document.getElementById('dashboard-section-c2');
+/** 接入概览：C2 / WebShell Tab 切换；C2 禁用时仅保留 WebShell Tab */
+function renderDashboardAccessOverview(listenersRes, sessionsRes, tasksRes, webshellRes) {
+    var section = document.getElementById('dashboard-section-access');
    if (!section) return;
-    if (listenersRes === null && sessionsRes === null && tasksRes === null) {
+
+    var c2ConfigOn = window.__c2Enabled !== false;
+    var webshellList = null;
+    if (Array.isArray(webshellRes)) webshellList = webshellRes;
+    else if (webshellRes && Array.isArray(webshellRes.connections)) webshellList = webshellRes.connections;
+    var wsApiOk = webshellRes !== null;
+    var c2ApiOk = listenersRes !== null || sessionsRes !== null || tasksRes !== null;
+    var showC2 = c2ConfigOn && c2ApiOk;
+    var showWs = wsApiOk;
+
+    section.dataset.c2Available = showC2 ? '1' : '0';
+    section.dataset.webshellAvailable = showWs ? '1' : '0';
+
+    if (!showC2 && !showWs) {
        section.hidden = true;
        return;
    }
-    var running = '-';
-    if (listenersRes && Array.isArray(listenersRes.listeners)) {
-        running = String(listenersRes.listeners.filter(function (l) {
-            return (l && (l.status || '').toLowerCase() === 'running');
-        }).length);
-    } else if (listenersRes === null) {
-        running = '-';
-    } else {
-        running = '0';
+
+    if (showC2) {
+        var running = '-';
+        if (listenersRes && Array.isArray(listenersRes.listeners)) {
+            running = String(listenersRes.listeners.filter(function (l) {
+                return (l && (l.status || '').toLowerCase() === 'running');
+            }).length);
+        } else if (listenersRes === null) {
+            running = '-';
+        } else {
+            running = '0';
+        }
+        var online = '-';
+        if (sessionsRes && Array.isArray(sessionsRes.sessions)) {
+            online = String(sessionsRes.sessions.filter(function (s) {
+                if (!s) return false;
+                var st = (s.status || '').toLowerCase();
+                return st === 'active' || st === 'sleeping';
+            }).length);
+        } else if (sessionsRes === null) {
+            online = '-';
+        } else {
+            online = '0';
+        }
+        var pending = '-';
+        if (tasksRes && typeof tasksRes.pending_queued_count === 'number') {
+            pending = String(tasksRes.pending_queued_count);
+        } else if (tasksRes === null) {
+            pending = '-';
+        } else {
+            pending = '0';
+        }
+        setEl('dashboard-c2-listeners-running', running);
+        setEl('dashboard-c2-sessions-online', online);
+        setEl('dashboard-c2-tasks-pending', pending);
    }
-    var online = '-';
-    if (sessionsRes && Array.isArray(sessionsRes.sessions)) {
-        online = String(sessionsRes.sessions.filter(function (s) {
-            if (!s) return false;
-            var st = (s.status || '').toLowerCase();
-            return st === 'active' || st === 'sleeping';
-        }).length);
-    } else if (sessionsRes === null) {
-        online = '-';
-    } else {
-        online = '0';
+
+    if (showWs) {
+        var wsCount = webshellList ? webshellList.length : 0;
+        setEl('dashboard-webshell-connections', formatNumber(wsCount));
+        renderDashboardWebshellRecent(webshellList || []);
    }
-    var pending = '-';
-    if (tasksRes && typeof tasksRes.pending_queued_count === 'number') {
-        pending = String(tasksRes.pending_queued_count);
-    } else if (tasksRes === null) {
-        pending = '-';
-    } else {
-        pending = '0';
-    }
-    setEl('dashboard-c2-listeners-running', running);
-    setEl('dashboard-c2-sessions-online', online);
-    setEl('dashboard-c2-tasks-pending', pending);
+
    section.hidden = false;
+    syncDashboardAccessTabs();
    if (typeof applyTranslations === 'function') {
        try { applyTranslations(section); } catch (_e) { /* ignore */ }
    }
 }

+/** C2 / WebShell Tab 切换（样式与「最近漏洞 / 近期事实」一致） */
+function switchDashboardAccessTab(tab) {
+    tab = tab === 'webshell' ? 'webshell' : 'c2';
+    dashboardState.accessTab = tab;
+    applyDashboardAccessTabUI(tab);
+}
+
+function applyDashboardAccessTabUI(tab) {
+    var tabC2 = document.getElementById('dashboard-access-tab-c2');
+    var tabWs = document.getElementById('dashboard-access-tab-webshell');
+    var panelC2 = document.getElementById('dashboard-access-panel-c2');
+    var panelWs = document.getElementById('dashboard-access-panel-webshell');
+    if (tabC2) {
+        tabC2.classList.toggle('is-active', tab === 'c2');
+        tabC2.setAttribute('aria-selected', tab === 'c2' ? 'true' : 'false');
+    }
+    if (tabWs) {
+        tabWs.classList.toggle('is-active', tab === 'webshell');
+        tabWs.setAttribute('aria-selected', tab === 'webshell' ? 'true' : 'false');
+    }
+    if (panelC2) panelC2.hidden = tab !== 'c2';
+    if (panelWs) panelWs.hidden = tab !== 'webshell';
+    updateDashboardAccessViewAll(tab);
+}
+
+function updateDashboardAccessViewAll(tab) {
+    var link = document.getElementById('dashboard-access-view-all');
+    if (!link) return;
+    if (tab === 'webshell') {
+        link.onclick = function () { try { switchPage('webshell'); } catch (_) {} };
+        link.setAttribute('data-i18n', 'dashboard.webshellGoManage');
+        link.textContent = dt('dashboard.webshellGoManage', null, '进入 WebShell →');
+    } else {
+        link.onclick = function () { try { switchPage('c2-listeners'); } catch (_) {} };
+        link.setAttribute('data-i18n', 'dashboard.c2GoManage');
+        link.textContent = dt('dashboard.c2GoManage', null, '进入 C2 →');
+    }
+}
+
+/** 根据可用模块同步 Tab 可见性与默认选中项 */
+function syncDashboardAccessTabs() {
+    var section = document.getElementById('dashboard-section-access');
+    if (!section || section.hidden) return;
+
+    var showC2 = section.dataset.c2Available === '1';
+    var showWs = section.dataset.webshellAvailable === '1';
+    var tabNav = document.getElementById('dashboard-access-tabs');
+    var tabC2 = document.getElementById('dashboard-access-tab-c2');
+    var tabWs = document.getElementById('dashboard-access-tab-webshell');
+
+    if (tabC2) tabC2.hidden = !showC2;
+    if (tabWs) tabWs.hidden = !showWs;
+    if (tabNav) tabNav.hidden = false;
+
+    var tab = dashboardState.accessTab;
+    if (tab === 'c2' && !showC2) tab = 'webshell';
+    if (tab === 'webshell' && !showWs) tab = 'c2';
+    if (!showC2 && showWs) tab = 'webshell';
+    if (showC2 && !showWs) tab = 'c2';
+    dashboardState.accessTab = tab;
+    applyDashboardAccessTabUI(tab);
+}
+
+/** WebShell 接入概览：最近 3 条连接摘要 */
+function renderDashboardWebshellRecent(list) {
+    var container = document.getElementById('dashboard-webshell-recent');
+    if (!container) return;
+    container.innerHTML = '';
+    if (!list || list.length === 0) {
+        container.hidden = true;
+        return;
+    }
+    var sorted = list.slice().sort(function (a, b) {
+        var ta = (a && a.createdAt) ? Date.parse(a.createdAt) : 0;
+        var tb = (b && b.createdAt) ? Date.parse(b.createdAt) : 0;
+        return tb - ta;
+    });
+    var recent = sorted.slice(0, 3);
+    recent.forEach(function (conn) {
+        if (!conn) return;
+        var item = document.createElement('div');
+        item.className = 'dashboard-webshell-recent-item';
+        item.setAttribute('role', 'button');
+        item.setAttribute('tabindex', '0');
+        var label = (conn.remark || '').trim() || (conn.url || '').trim() || (conn.id || '');
+        var typeTag = (conn.type || 'shell').toUpperCase();
+        item.innerHTML =
+            '<span class="dashboard-webshell-recent-type">' + esc(typeTag) + '</span>' +
+            '<span class="dashboard-webshell-recent-label" title="' + esc(label) + '">' + esc(label) + '</span>';
+        var openWs = function () {
+            try { switchPage('webshell'); } catch (_) {}
+        };
+        item.addEventListener('click', openWs);
+        item.addEventListener('keydown', function (e) {
+            if (e.key === 'Enter' || e.key === ' ') {
+                e.preventDefault();
+                openWs();
+            }
+        });
+        container.appendChild(item);
+    });
+    container.hidden = false;
+}
+
 function setEl(id, text) {
    const el = document.getElementById(id);
    if (el) el.textContent = text;
@@ -1088,12 +1217,9 @@ function renderRecentVulns(res) {
    if (list.length === 0) {
        if (empty) {
            empty.hidden = false;
-            // 升级版空状态：图标 + 标题 + 描述 + 行动按钮，比纯文本更易引导用户下一步
+            // 升级版空状态：标题 + 描述 + 行动按钮，比纯文本更易引导用户下一步
            empty.classList.add('is-rich');
            empty.innerHTML = (
-                '<span class="dashboard-empty-icon" aria-hidden="true">' +
-                '<svg width="40" height="40" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/><path d="M9 12l2 2 4-4"/></svg>' +
-                '</span>' +
                '<div class="dashboard-empty-title">' + esc(dt('dashboard.noVulnYet', null, '暂无最近漏洞')) + '</div>' +
                '<div class="dashboard-empty-desc">' + esc(dt('dashboard.noVulnDesc', null, '此处展示近期漏洞记录；在对话中完成检测后，新结果会出现在这里')) + '</div>' +
                '<button type="button" class="dashboard-empty-action" data-action="scan">' +
@@ -1109,7 +1235,7 @@ function renderRecentVulns(res) {
        empty.classList.remove('is-rich');
    }

-    list.slice(0, 5).forEach(function (v) {
+    list.slice(0, 10).forEach(function (v) {
        const sev = (v.severity || 'info').toLowerCase();
        const status = (v.status || 'open').toLowerCase();
        const item = document.createElement('a');
@@ -1130,6 +1256,203 @@ function renderRecentVulns(res) {
    });
 }

+// 最近漏洞 / 近期事实 Tab 切换（共用列表区域，查看全部链接随 Tab 变化）
+function switchDashboardFeedTab(tab) {
+    tab = tab === 'facts' ? 'facts' : 'vulns';
+    dashboardState.recentFeedTab = tab;
+
+    var tabVulns = document.getElementById('dashboard-feed-tab-vulns');
+    var tabFacts = document.getElementById('dashboard-feed-tab-facts');
+    var panelVulns = document.getElementById('dashboard-feed-panel-vulns');
+    var panelFacts = document.getElementById('dashboard-feed-panel-facts');
+    if (tabVulns) {
+        tabVulns.classList.toggle('is-active', tab === 'vulns');
+        tabVulns.setAttribute('aria-selected', tab === 'vulns' ? 'true' : 'false');
+    }
+    if (tabFacts) {
+        tabFacts.classList.toggle('is-active', tab === 'facts');
+        tabFacts.setAttribute('aria-selected', tab === 'facts' ? 'true' : 'false');
+    }
+    if (panelVulns) panelVulns.hidden = tab !== 'vulns';
+    if (panelFacts) panelFacts.hidden = tab !== 'facts';
+    updateDashboardFeedViewAll(tab);
+}
+
+function updateDashboardFeedViewAll(tab) {
+    var link = document.getElementById('dashboard-feed-view-all');
+    if (!link) return;
+    if (tab === 'facts') {
+        link.onclick = function () { try { switchPage('projects'); } catch (_) {} };
+    } else {
+        link.onclick = function () { try { switchPage('vulnerabilities'); } catch (_) {} };
+    }
+}
+
+function setRecentFactsLoading() {
+    var wrap = document.getElementById('dashboard-recent-facts');
+    var empty = document.getElementById('dashboard-recent-facts-empty');
+    if (!wrap) return;
+    clearRecentFactsList(wrap);
+    if (empty) {
+        empty.hidden = false;
+        empty.classList.remove('is-rich');
+        empty.textContent = dt('common.loading', null, '加载中…');
+    }
+}
+
+function clearRecentFactsList(wrap) {
+    if (!wrap) return;
+    Array.from(wrap.querySelectorAll('.dashboard-recent-fact-item, .dashboard-recent-facts-meta')).forEach(function (n) { n.remove(); });
+}
+
+function setRecentFactsError() {
+    var wrap = document.getElementById('dashboard-recent-facts');
+    var empty = document.getElementById('dashboard-recent-facts-empty');
+    if (!wrap) return;
+    clearRecentFactsList(wrap);
+    if (empty) {
+        empty.hidden = false;
+        empty.classList.remove('is-rich');
+        empty.textContent = dt('common.loadFailed', null, '加载失败');
+    }
+}
+
+function factConfidenceShortLabel(confidence) {
+    var c = String(confidence || '').toLowerCase();
+    if (c === 'confirmed') return dt('projects.confidenceConfirmed', null, '已确认');
+    if (c === 'tentative') return dt('projects.confidenceTentative', null, '待确认');
+    return c || '—';
+}
+
+function factCategoryShortLabel(category) {
+    var raw = String(category || '').trim();
+    return raw || 'note';
+}
+
+// 按 project_id（回退 project_name）稳定映射 8 种配色，同一项目跨刷新颜色一致
+function projectFactProjectTone(projectId, projectName) {
+    var key = String(projectId || projectName || '').trim();
+    if (!key) return 0;
+    var hash = 0;
+    for (var i = 0; i < key.length; i++) {
+        hash = ((hash << 5) - hash) + key.charCodeAt(i);
+        hash |= 0;
+    }
+    return Math.abs(hash) % 8;
+}
+
+function openProjectFactFromDashboard(projectId, factKey) {
+    if (!projectId) return;
+    if (typeof switchPage === 'function') {
+        switchPage('projects');
+    }
+    setTimeout(async function () {
+        if (typeof window.initProjectsPage === 'function') {
+            await window.initProjectsPage();
+        }
+        if (typeof window.selectProject === 'function') {
+            await window.selectProject(projectId);
+        }
+        if (typeof window.switchProjectTab === 'function') {
+            window.switchProjectTab('facts');
+        }
+        if (factKey && typeof window.viewProjectFactBody === 'function') {
+            window.viewProjectFactBody(factKey);
+        }
+    }, 350);
+}
+
+function renderRecentFacts(res) {
+    var wrap = document.getElementById('dashboard-recent-facts');
+    var empty = document.getElementById('dashboard-recent-facts-empty');
+    if (!wrap) return;
+
+    clearRecentFactsList(wrap);
+
+    var list = (res && Array.isArray(res.recent_facts)) ? res.recent_facts : [];
+    var totals = (res && res.totals) ? res.totals : {};
+    var activeProjects = totals.active_projects || 0;
+    var totalFacts = totals.total_facts || 0;
+
+    if (list.length === 0) {
+        if (empty) {
+            empty.hidden = false;
+            empty.classList.add('is-rich');
+            var desc = activeProjects > 0
+                ? dt('dashboard.noFactsDesc', null, '在绑定项目的对话中，Agent 会自动记录目标、漏洞、攻击链等事实')
+                : dt('projects.selectOrCreateHint', null, '项目用于跨对话共享「事实黑板」：目标、环境、认证等信息会在绑定项目的对话中自动注入。');
+            var ctaLabel = activeProjects > 0
+                ? dt('dashboard.goToChat', null, '前往对话')
+                : dt('dashboard.createFirstProjectBtn', null, '创建第一个项目');
+            var ctaAction = activeProjects > 0 ? 'chat' : 'project';
+            empty.innerHTML = (
+                '<div class="dashboard-empty-title">' + esc(dt('dashboard.noFactsYet', null, '暂无近期事实')) + '</div>' +
+                '<div class="dashboard-empty-desc">' + esc(desc) + '</div>' +
+                '<button type="button" class="dashboard-empty-action" data-action="' + esc(ctaAction) + '">' +
+                esc(ctaLabel) + ' →</button>'
+            );
+            var btn = empty.querySelector('[data-action]');
+            if (btn) {
+                btn.onclick = function () {
+                    var action = btn.getAttribute('data-action');
+                    if (action === 'project') {
+                        try { switchPage('projects'); } catch (_) {}
+                        setTimeout(function () {
+                            if (typeof window.showNewProjectModal === 'function') {
+                                window.showNewProjectModal();
+                            }
+                        }, 350);
+                    } else {
+                        try { switchPage('chat'); } catch (_) {}
+                    }
+                };
+            }
+        }
+        return;
+    }
+
+    if (empty) {
+        empty.hidden = true;
+        empty.classList.remove('is-rich');
+    }
+
+    list.slice(0, 10).forEach(function (f) {
+        if (!f) return;
+        var category = factCategoryShortLabel(f.category);
+        var confidence = String(f.confidence || 'tentative').toLowerCase();
+        var item = document.createElement('a');
+        item.className = 'dashboard-recent-fact-item';
+        item.setAttribute('role', 'button');
+        item.tabIndex = 0;
+        var pid = f.project_id || '';
+        var fkey = f.fact_key || '';
+        item.onclick = function () { openProjectFactFromDashboard(pid, fkey); };
+        item.onkeydown = function (e) {
+            if (e.key === 'Enter' || e.key === ' ') {
+                e.preventDefault();
+                item.click();
+            }
+        };
+
+        // 置顶列始终占位，避免有/无图钉时后续列错位
+        var pinMark = '<span class="dashboard-recent-fact-pin' + (f.pinned ? ' is-pinned' : '') + '"' +
+            (f.pinned ? (' title="' + esc(dt('projects.pinned', null, '置顶')) + '"') : '') +
+            ' aria-hidden="true">' + (f.pinned ? '📌' : '') + '</span>';
+        var projectLabel = (f.project_name || '').trim() || dt('projects.defaultProjectName', null, '项目');
+        var factKeyLabel = (f.fact_key || '').trim() || '—';
+        var projectTone = projectFactProjectTone(pid, projectLabel);
+        var projectCol = '<span class="dashboard-recent-fact-project proj-tone-' + projectTone + '" title="' + esc(projectLabel) + '">' + esc(projectLabel) + '</span>';
+        var categoryBadge = '<span class="dashboard-recent-fact-cat cat-' + esc(category.toLowerCase().replace(/[^a-z0-9_-]/g, '')) + '">' + esc(category) + '</span>';
+        var confBadge = '<span class="dashboard-recent-fact-conf conf-' + esc(confidence) + '">' + esc(factConfidenceShortLabel(confidence)) + '</span>';
+        var summary = '<span class="dashboard-recent-fact-summary" title="' + esc(f.summary || '') + '">' + esc(f.summary || dt('common.untitled', null, '无标题')) + '</span>';
+        var factKeyCol = '<span class="dashboard-recent-fact-key" title="' + esc(factKeyLabel) + '">' + esc(factKeyLabel) + '</span>';
+        var time = '<span class="dashboard-recent-fact-time">' + esc(timeAgoStr(f.updated_at)) + '</span>';
+
+        item.innerHTML = pinMark + categoryBadge + confBadge + summary + factKeyCol + projectCol + time;
+        wrap.appendChild(item);
+    });
+}
+
 // 漏洞状态映射：把 status 字符串规整到 4 类（避免脏数据）
 function statusKey(s) {
    s = String(s || '').toLowerCase();
@@ -1224,7 +1547,7 @@ function renderVulnStatusPanel(byStatus, total) {
 //
 // bySeverityOpen: { critical, high, medium, low }（只统计 status=open 的漏洞；info 不计入）
 // totalOpen:      待处理漏洞总数（= critical + high + medium + low），仅用于"全无待处理 → safe"判断
-// recentVulnsRes: /api/vulnerabilities?limit=5 响应（用于"最近发现"时间，口径是全量，与处置状态无关）
+// recentVulnsRes: /api/vulnerabilities?limit=10 响应（用于"最近发现"时间，口径是全量，与处置状态无关）
 function renderSeverityInsights(bySeverityOpen, totalOpen, recentVulnsRes) {
    var riskBox = document.querySelector('.dashboard-severity-insight-risk');
    var levelEl = document.getElementById('dashboard-severity-risk-level');
@@ -286,6 +286,38 @@ function extractIterationTagFromStreamIdentity(identity) {
    return s.slice(idx + 6);
 }

+/** Plan-Execute 多轮 executor/planner 同名代理：仅在同轮次内复用流式条目 */
+function areMainResponseStreamIterationsCompatible(prevIterTag, streamIterTag, orchestration) {
+    const orch = String(orchestration != null ? orchestration : '').trim();
+    if (orch === 'plan_execute') {
+        return prevIterTag === streamIterTag && prevIterTag !== '';
+    }
+    return !prevIterTag || !streamIterTag || prevIterTag === streamIterTag;
+}
+
+/** 仅合并 Eino 对同一段 MessageStream 重复发出的 response_start */
+function shouldReuseMainResponseStream(progressId, prevStream, responseData, streamOrch) {
+    if (!prevStream || !prevStream.itemId) {
+        return false;
+    }
+    if (!sameMainResponseStreamMeta(prevStream.streamMeta, responseData)) {
+        return false;
+    }
+    const streamId = responseData && responseData.streamId != null ? String(responseData.streamId).trim() : '';
+    if (streamId && prevStream.streamId === streamId) {
+        return true;
+    }
+    const orch = String(streamOrch != null ? streamOrch : '').trim();
+    if (orch === 'plan_execute') {
+        return false;
+    }
+    const prevIterTag = extractIterationTagFromStreamIdentity(prevStream.streamIdentity || '');
+    const streamIterTag = extractIterationTagFromStreamIdentity(
+        buildMainResponseStreamIdentity(progressId, responseData)
+    );
+    return areMainResponseStreamIterationsCompatible(prevIterTag, streamIterTag, orch);
+}
+
 // AI 思考流式输出：progressId -> Map(streamId -> { itemId, buffer })
 const thinkingStreamStateByProgressId = new Map();

@@ -1513,10 +1545,16 @@ function handleStreamEvent(event, progressElement, progressId,
            const n = d.iteration != null ? d.iteration : 1;
            const scope = d.einoScope != null ? String(d.einoScope).trim() : '';
            if (scope !== 'sub') {
+                const prevMainIter = mainIterationStateByProgressId.get(String(progressId));
+                const prevN = prevMainIter && prevMainIter.iteration != null ? prevMainIter.iteration : null;
                mainIterationStateByProgressId.set(String(progressId), {
                    iteration: n,
                    orchestration: d.orchestration != null ? d.orchestration : ''
                });
+                // 主通道进入新轮次后不复用上一轮的「执行输出」时间线条目
+                if (prevN != null && prevN !== n) {
+                    responseStreamStateByProgressId.delete(progressId);
+                }
            }
            let iterTitle;
            if (d.orchestration === 'plan_execute' && d.einoScope === 'main') {
@@ -1674,6 +1712,8 @@ function handleStreamEvent(event, progressElement, progressId,
        }
            
        case 'tool_calls_detected':
+            // 助手正文段结束、进入工具调用：下一段 response_start 应新建时间线条目
+            responseStreamStateByProgressId.delete(progressId);
            addTimelineItem(timeline, 'tool_calls_detected', {
                title: timelineAgentBracketPrefix(event.data) + '🔧 ' + (typeof window.t === 'function' ? window.t('chat.toolCallsDetected', { count: event.data?.count || 0 }) : '检测到 ' + (event.data?.count || 0) + ' 个工具调用'),
                message: event.message,
@@ -2106,18 +2146,16 @@ function handleStreamEvent(event, progressElement, progressId,

            // 多代理模式下，迭代过程中的输出只显示在时间线中，不创建助手消息气泡
            const prevStream = responseStreamStateByProgressId.get(progressId);
-            const prevIterTag = extractIterationTagFromStreamIdentity(prevStream && prevStream.streamIdentity ? prevStream.streamIdentity : '');
-            const compatibleIterTag = !prevIterTag || !streamIterTag || prevIterTag === streamIterTag;
-            if (
-                prevStream &&
-                prevStream.itemId &&
-                sameMainResponseStreamMeta(prevStream.streamMeta, responseData) &&
-                compatibleIterTag
-            ) {
+            const streamOrch = responseData.orchestration != null
+                ? responseData.orchestration
+                : (prevStream && prevStream.streamMeta ? prevStream.streamMeta.orchestration : '');
+            if (shouldReuseMainResponseStream(progressId, prevStream, responseData, streamOrch)) {
                // Eino 可能对同一段流重复发 response_start；复用已有条目与 buffer，避免多条「助手输出」
                prevStream.streamMeta = Object.assign({}, prevStream.streamMeta || {}, responseData);
-                // 若此前轮次未知（空），在后续事件带来轮次后升级 identity，避免跨轮误复用。
                prevStream.streamIdentity = streamIdentity;
+                if (responseData.streamId != null) {
+                    prevStream.streamId = String(responseData.streamId).trim();
+                }
                responseStreamStateByProgressId.set(progressId, prevStream);
                break;
            }
@@ -2128,10 +2166,12 @@ function handleStreamEvent(event, progressElement, progressId,
                data: Object.assign({}, responseData, { responseStreamPlaceholder: true })
            });
            responseStreamStateByProgressId.set(progressId, {
+                progressId: progressId,
                itemId: itemId,
                buffer: '',
                streamMeta: responseData,
-                streamIdentity: streamIdentity
+                streamIdentity: streamIdentity,
+                streamId: responseData.streamId != null ? String(responseData.streamId).trim() : ''
            });
            break;
        }
@@ -2151,12 +2191,19 @@ function handleStreamEvent(event, progressElement, progressId,
            // 多代理模式下，迭代过程中的输出只显示在时间线中
            // 更新时间线条目内容
            let state = responseStreamStateByProgressId.get(progressId);
+            const incomingStreamId = responseData.streamId != null ? String(responseData.streamId).trim() : '';
            if (!state) {
-                state = { itemId: null, buffer: '', streamMeta: responseData };
+                state = { progressId: progressId, itemId: null, buffer: '', streamMeta: responseData, streamId: incomingStreamId };
                responseStreamStateByProgressId.set(progressId, state);
            } else if (!state.streamMeta && responseData && (responseData.einoAgent || responseData.orchestration)) {
                state.streamMeta = responseData;
            }
+            if (incomingStreamId && state.streamId && state.streamId !== incomingStreamId) {
+                break;
+            }
+            if (incomingStreamId && !state.streamId) {
+                state.streamId = incomingStreamId;
+            }

            const deltaContent = event.message || '';
            if (!deltaContent && streamBufferFromAccumulated(responseData) === null) break;
@@ -3,6 +3,7 @@
 */
 let projectsCache = [];
 let projectsCacheAll = [];
+const PROJECTS_LIST_PAGE_SIZE_KEY = 'cyberstrike.projects_list_page_size';
 let currentProjectId = null;
 let currentProjectTab = 'facts';
 const projectNameById = {};
@@ -167,23 +168,128 @@ function rebuildProjectNameMap(list) {
    });
 }

-async function fetchProjectsList(includeArchived) {
+function getProjectsListPageSize() {
+    try {
+        const saved = parseInt(localStorage.getItem(PROJECTS_LIST_PAGE_SIZE_KEY), 10);
+        if ([20, 50, 100].includes(saved)) return saved;
+    } catch (e) { /* ignore */ }
+    return 50;
+}
+
+let projectsListPagination = { page: 1, pageSize: getProjectsListPageSize(), total: 0 };
+let projectsListSearch = '';
+let _projectsListSearchDebounce = null;
+
+function parseListTotalValue(raw, itemsLength) {
+    if (typeof raw === 'number' && Number.isFinite(raw) && raw >= 0) return raw;
+    if (raw != null && raw !== '') {
+        const n = parseInt(String(raw), 10);
+        if (Number.isFinite(n) && n >= 0) return n;
+    }
+    return itemsLength;
+}
+
+function parseListOffsetValue(raw) {
+    if (typeof raw === 'number' && Number.isFinite(raw) && raw >= 0) return raw;
+    if (raw != null && raw !== '') {
+        const n = parseInt(String(raw), 10);
+        if (Number.isFinite(n) && n >= 0) return n;
+    }
+    return 0;
+}
+
+function parseProjectsListResponse(data) {
+    if (Array.isArray(data)) {
+        return { items: data, total: data.length, limit: data.length, offset: 0, isLegacyArray: true };
+    }
+    const items = data.projects || data.items || [];
+    const arr = Array.isArray(items) ? items : [];
+    return {
+        items: arr,
+        total: parseListTotalValue(data.total, arr.length),
+        limit: parseListTotalValue(data.limit, arr.length) || arr.length,
+        offset: parseListOffsetValue(data.offset),
+        isLegacyArray: false,
+    };
+}
+
+async function resolveProjectsListTotal(params, parsed, pageSize, offset) {
+    const serverTotal = parsed.total;
+    // 服务端 total 明确大于当前页末尾 → 直接信任
+    if (!parsed.isLegacyArray && serverTotal > offset + parsed.items.length) {
+        return serverTotal;
+    }
+    // 不足一页 → 已是最后一页
+    if (parsed.items.length < pageSize) {
+        return Math.max(serverTotal, offset + parsed.items.length);
+    }
+    // 满页但 total 可能被误算为 items.length → 探测下一页
+    const probe = new URLSearchParams(params);
+    probe.set('offset', String(offset + pageSize));
+    probe.set('limit', '1');
+    try {
+        const res = await apiFetch(`/api/projects?${probe}`);
+        if (!res.ok) return Math.max(serverTotal, offset + parsed.items.length);
+        const probeParsed = parseProjectsListResponse(await res.json());
+        if (probeParsed.total > serverTotal) return probeParsed.total;
+        if (probeParsed.items.length > 0) {
+            return Math.max(serverTotal, offset + pageSize + 1);
+        }
+    } catch (e) { /* ignore */ }
+    return Math.max(serverTotal, offset + parsed.items.length);
+}
+
+async function fetchAllProjects(includeArchived) {
    const showArchived = includeArchived || document.getElementById('projects-show-archived')?.checked;
-    const url = showArchived ? '/api/projects?limit=200' : '/api/projects?status=active&limit=200';
-    const res = await apiFetch(url);
+    let all = [];
+    const pageSize = 200;
+    let offset = 0;
+    let total = Infinity;
+    while (all.length < total) {
+        const params = new URLSearchParams({ limit: String(pageSize), offset: String(offset) });
+        if (!showArchived) params.set('status', 'active');
+        const res = await apiFetch(`/api/projects?${params}`);
+        if (!res.ok) throw new Error(tp('projects.loadProjectsFailed'));
+        const parsed = parseProjectsListResponse(await res.json());
+        all = all.concat(parsed.items);
+        total = parsed.total;
+        if (!parsed.items.length) break;
+        offset += parsed.items.length;
+    }
+    return all;
+}
+
+async function fetchProjectsList(includeArchived, opts = {}) {
+    const showArchived = includeArchived || document.getElementById('projects-show-archived')?.checked;
+    const page = opts.page ?? projectsListPagination.page;
+    const pageSize = opts.pageSize ?? getProjectsListPageSize();
+    const search = opts.search !== undefined ? opts.search : projectsListSearch;
+    projectsListSearch = search;
+    const offset = (page - 1) * pageSize;
+    const params = new URLSearchParams({ limit: String(pageSize), offset: String(offset) });
+    if (search) params.set('search', search);
+    if (!showArchived) params.set('status', 'active');
+    const res = await apiFetch(`/api/projects?${params}`);
    if (!res.ok) throw new Error(tp('projects.loadProjectsFailed'));
-    const data = await res.json();
-    projectsCache = Array.isArray(data) ? data : [];
-    rebuildProjectNameMap(projectsCache);
-    _projectsListReady = true;
+    const parsed = parseProjectsListResponse(await res.json());
+    const total = await resolveProjectsListTotal(params, parsed, pageSize, offset);
+    projectsCache = parsed.items;
+    projectsListPagination = { page, pageSize: pageSize, total };
+    rebuildProjectNameMap(projectsCacheAll.length ? projectsCacheAll : projectsCache);
    return projectsCache;
 }

-/** 对话页等项目选择器：确保列表已拉取（去重并发请求） */
+/** 对话页等项目选择器：确保全量列表已拉取（去重并发请求） */
 async function ensureProjectsLoaded(force) {
-    if (!force && _projectsListReady) return projectsCache;
+    if (!force && _projectsListReady) return projectsCacheAll;
    if (!force && _projectsFetchPromise) return _projectsFetchPromise;
-    _projectsFetchPromise = fetchProjectsList(false)
+    _projectsFetchPromise = fetchAllProjects(false)
+        .then((list) => {
+            projectsCacheAll = list;
+            rebuildProjectNameMap(projectsCacheAll);
+            _projectsListReady = true;
+            return projectsCacheAll;
+        })
        .catch((e) => {
            _projectsListReady = false;
            throw e;
@@ -204,9 +310,10 @@ async function ensureDefaultActiveProjectForNewChat() {
        await ensureProjectsLoaded();
        const cur = getActiveProjectId();
        if (cur && isActiveChatProjectId(cur)) return cur;
+        const source = projectsCacheAll.length ? projectsCacheAll : projectsCache;
        const first =
-            projectsCache.find((p) => p.pinned && p.status !== 'archived') ||
-            projectsCache.find((p) => p.status !== 'archived');
+            source.find((p) => p.pinned && p.status !== 'archived') ||
+            source.find((p) => p.status !== 'archived');
        if (first) {
            setActiveProjectId(first.id);
            return first.id;
@@ -238,6 +345,8 @@ async function initProjectsPage() {
    initProjectsModalEscape();
    syncProjectsModalBodyLock();
    updateProjectsDetailVisibility();
+    projectsListPagination.pageSize = getProjectsListPageSize();
+    renderProjectsPagination();
    await loadProjectsList();
    if (!currentProjectId && projectsCache.length) {
        const fromHash = new URLSearchParams(window.location.hash.split('?')[1] || '').get('id');
@@ -250,8 +359,19 @@ async function initProjectsPage() {
 }

 async function loadProjectsList() {
+    _projectsListReady = false;
+    projectsCacheAll = [];
+    projectsListPagination.pageSize = getProjectsListPageSize();
    await fetchProjectsList();
    renderProjectsSidebar();
+    renderProjectsPagination();
+    try {
+        projectsCacheAll = await fetchAllProjects();
+        rebuildProjectNameMap(projectsCacheAll);
+        _projectsListReady = true;
+    } catch (e) {
+        console.warn(e);
+    }
    if (typeof refreshChatProjectSelector === 'function') {
        refreshChatProjectSelector();
    }
@@ -277,7 +397,7 @@ function updateProjectsDetailVisibility() {

 function updateProjectsListCount() {
    const el = document.getElementById('projects-list-count');
-    if (el) el.textContent = String(projectsCache.length);
+    if (el) el.textContent = String(projectsListPagination.total || projectsCache.length);
 }

 /** 事实分类 → 徽章样式（与 fact_template.go 常量对齐） */
@@ -385,26 +505,97 @@ function getProjectsListFilter() {
 }

 function filterProjectsList() {
-    renderProjectsSidebar();
+    if (_projectsListSearchDebounce) clearTimeout(_projectsListSearchDebounce);
+    _projectsListSearchDebounce = setTimeout(() => {
+        _projectsListSearchDebounce = null;
+        const q = getProjectsListFilter();
+        projectsListPagination.page = 1;
+        fetchProjectsList(undefined, { page: 1, search: q })
+            .then(() => {
+                renderProjectsSidebar();
+                renderProjectsPagination();
+            })
+            .catch((e) => console.warn(e));
+    }, 280);
+}
+
+function goProjectsPage(page) {
+    const totalPages = Math.max(1, Math.ceil((projectsListPagination.total || 0) / projectsListPagination.pageSize) || 1);
+    const next = Math.min(Math.max(1, page), totalPages);
+    if (next === projectsListPagination.page) return;
+    fetchProjectsList(undefined, { page: next })
+        .then(() => {
+            renderProjectsSidebar();
+            renderProjectsPagination();
+            const listEl = document.getElementById('projects-list');
+            if (listEl) listEl.scrollTop = 0;
+        })
+        .catch((e) => console.warn(e));
+}
+
+function changeProjectsPageSize() {
+    const sel = document.getElementById('projects-page-size-pagination');
+    const newSize = sel ? parseInt(sel.value, 10) : 50;
+    if (![20, 50, 100].includes(newSize)) return;
+    try {
+        localStorage.setItem(PROJECTS_LIST_PAGE_SIZE_KEY, String(newSize));
+    } catch (e) { /* ignore */ }
+    projectsListPagination.pageSize = newSize;
+    projectsListPagination.page = 1;
+    fetchProjectsList(undefined, { page: 1, pageSize: newSize })
+        .then(() => {
+            renderProjectsSidebar();
+            renderProjectsPagination();
+        })
+        .catch((e) => console.warn(e));
+}
+
+function renderProjectsPagination() {
+    const el = document.getElementById('projects-pagination');
+    if (!el) return;
+    const { page, pageSize, total } = projectsListPagination;
+    const totalPages = Math.max(1, Math.ceil(total / pageSize) || 1);
+    const navDisabled = total === 0 || totalPages <= 1;
+    el.hidden = false;
+    const start = total === 0 ? 0 : (page - 1) * pageSize + 1;
+    const end = total === 0 ? 0 : Math.min(page * pageSize, total);
+    const infoText = tpFmt('projects.paginationRange', `${start}-${end}/${total}`, { start, end, total });
+    const pageText = tpFmt('projects.paginationPage', `${page}/${totalPages}`, { page, total: totalPages });
+    el.innerHTML = `
+        <div class="sidebar-list-pagination-inner sidebar-list-pagination-inner--compact">
+            <span class="pagination-info">${escapeHtml(infoText)}</span>
+            <div class="pagination-controls">
+                <button type="button" class="btn-icon-pagination" onclick="goProjectsPage(${page - 1})" ${page <= 1 || navDisabled ? 'disabled' : ''} title="${escapeHtml(tp('projects.paginationPrev'))}" aria-label="${escapeHtml(tp('projects.paginationPrev'))}">‹</button>
+                <span class="pagination-page">${escapeHtml(pageText)}</span>
+                <button type="button" class="btn-icon-pagination" onclick="goProjectsPage(${page + 1})" ${page >= totalPages || navDisabled ? 'disabled' : ''} title="${escapeHtml(tp('projects.paginationNext'))}" aria-label="${escapeHtml(tp('projects.paginationNext'))}">›</button>
+            </div>
+            <label class="pagination-page-size">
+                ${escapeHtml(tp('projects.paginationPerPage'))}
+                <select id="projects-page-size-pagination" onchange="changeProjectsPageSize()">
+                    <option value="20" ${pageSize === 20 ? 'selected' : ''}>20</option>
+                    <option value="50" ${pageSize === 50 ? 'selected' : ''}>50</option>
+                    <option value="100" ${pageSize === 100 ? 'selected' : ''}>100</option>
+                </select>
+            </label>
+        </div>`;
 }

 function renderProjectsSidebar() {
    const el = document.getElementById('projects-list');
    if (!el) return;
    updateProjectsListCount();
-    const q = getProjectsListFilter();
-    const list = q
-        ? projectsCache.filter((p) => (p.name || '').toLowerCase().includes(q) || (p.description || '').toLowerCase().includes(q))
-        : projectsCache;
+    const list = projectsCache;
    if (!projectsCache.length) {
        el.innerHTML =
            `<div class="projects-empty">${escapeHtml(tp('projects.noProjects'))}<br><button type="button" class="btn-primary btn-small projects-empty-btn" onclick="showNewProjectModal()">${escapeHtml(tp('projects.newProject'))}</button></div>`;
        updateProjectsDetailVisibility();
+        renderProjectsPagination();
        return;
    }
    if (!list.length) {
        el.innerHTML = `<div class="projects-empty">${escapeHtml(tp('projects.noMatchingProjects'))}</div>`;
        updateProjectsDetailVisibility();
+        renderProjectsPagination();
        return;
    }
    el.innerHTML = list.map((p) => {
@@ -574,8 +765,11 @@ async function loadProjectFacts() {
        const vulnLink = f.related_vulnerability_id
            ? `<span class="projects-fact-vuln-link" title="${escapeHtml(tp('projects.relatedVulnIdTitle'))}">${escapeHtml(f.related_vulnerability_id.slice(0, 8))}…</span>`
            : '';
+        const pinBadge = f.pinned
+            ? `<span class="projects-list-item-badge" title="${escapeHtml(tp('projects.pinned'))}">${escapeHtml(tp('projects.pinned'))}</span>`
+            : '';
        return `<tr>
-            <td class="cell-fact-key"><code class="projects-fact-key-chip" title="${keyEsc}">${keyEsc}</code>${vulnLink}</td>
+            <td class="cell-fact-key"><code class="projects-fact-key-chip" title="${keyEsc}">${keyEsc}</code>${pinBadge}${vulnLink}</td>
            <td class="cell-fact-category">${formatCategoryBadge(f.category)}</td>
            <td class="cell-summary" title="${escapeHtml(f.summary)}">${escapeHtml(f.summary)}</td>
            <td>${formatFactBodyBadge(f)}</td>
@@ -678,7 +872,6 @@ async function viewProjectFactBody(factKey) {
    ];
    if (f.related_vulnerability_id) metaParts.push(tpFmt('projects.factMetaRelatedVuln', `Related vulnerability: ${f.related_vulnerability_id}`, { value: f.related_vulnerability_id }));
    if (f.source_conversation_id) metaParts.push(tpFmt('projects.factMetaSourceConversation', `Source conversation: ${f.source_conversation_id}`, { value: f.source_conversation_id }));
-    if (f.supersedes_fact_id) metaParts.push(tp('projects.factMetaHasPrevious'));
    document.getElementById('fact-detail-meta').textContent = metaParts.join(' · ');
    document.getElementById('fact-detail-body').textContent = f.body || tp('projects.emptyBody');
    const warnEl = document.getElementById('fact-detail-sparse-warn');
@@ -691,33 +884,6 @@ async function viewProjectFactBody(factKey) {
            warnEl.textContent = '';
        }
    }
-    const prevWrap = document.getElementById('fact-detail-prev-wrap');
-    if (prevWrap) {
-        prevWrap.hidden = true;
-        if (f.id && f.supersedes_fact_id) {
-            try {
-                const prevRes = await apiFetch(
-                    `/api/projects/${currentProjectId}/facts/${encodeURIComponent(f.id)}/previous-version`,
-                );
-                if (prevRes.ok) {
-                    const prev = await prevRes.json();
-                    prevWrap.hidden = false;
-                    document.getElementById('fact-detail-prev-meta').textContent = tpFmt(
-                        'projects.factPreviousMeta',
-                        `Archived at ${formatProjectTime(prev.archived_at)} · Summary: ${prev.summary || '—'} · Confidence: ${prev.confidence || '—'}`,
-                        {
-                            time: formatProjectTime(prev.archived_at),
-                            summary: prev.summary || '—',
-                            confidence: prev.confidence || '—',
-                        },
-                    );
-                    document.getElementById('fact-detail-prev-body').textContent = prev.body || tp('projects.emptyBody');
-                }
-            } catch (e) {
-                console.warn(e);
-            }
-        }
-    }
    const linkBtn = document.getElementById('fact-detail-link-vuln-btn');
    const createBtn = document.getElementById('fact-detail-create-vuln-btn');
    if (linkBtn) linkBtn.hidden = false;
@@ -1165,6 +1331,8 @@ function resetFactModalForm() {
    document.getElementById('fact-modal-summary').value = '';
    document.getElementById('fact-modal-body').value = '';
    document.getElementById('fact-modal-confidence').value = 'tentative';
+    const pinEl = document.getElementById('fact-modal-pinned');
+    if (pinEl) pinEl.checked = false;
    const rel = document.getElementById('fact-modal-related-vuln');
    if (rel) rel.value = '';
    updateFactFormHints();
@@ -1198,6 +1366,8 @@ function fillFactModalForm(f) {
    }
    const rel = document.getElementById('fact-modal-related-vuln');
    if (rel) rel.value = f.related_vulnerability_id || '';
+    const pinEl = document.getElementById('fact-modal-pinned');
+    if (pinEl) pinEl.checked = !!f.pinned;
    updateFactFormHints();
 }

@@ -1242,6 +1412,7 @@ async function saveFactModal() {
        summary,
        body,
        confidence: document.getElementById('fact-modal-confidence').value,
+        pinned: !!document.getElementById('fact-modal-pinned')?.checked,
        related_vulnerability_id: document.getElementById('fact-modal-related-vuln')?.value?.trim() || '',
    };
    const editId = window._factModalEditId;
@@ -1337,7 +1508,8 @@ function getChatProjectSelection() {

 function isActiveChatProjectId(id) {
    if (!id) return false;
-    return projectsCache.some((p) => p.id === id && p.status !== 'archived');
+    const source = projectsCacheAll.length ? projectsCacheAll : projectsCache;
+    return source.some((p) => p.id === id && p.status !== 'archived');
 }

 /** 用于 UI：无效/已删除/无可用项目时视为未绑定 */
@@ -1392,7 +1564,8 @@ function renderChatProjectPanelList() {
    const list = document.getElementById('chat-project-list');
    if (!list) return;
    const selected = resolveChatProjectSelection();
-    const activeProjects = projectsCache.filter((p) => p.status !== 'archived');
+    const source = projectsCacheAll.length ? projectsCacheAll : projectsCache;
+    const activeProjects = source.filter((p) => p.status !== 'archived');
    const items = [{ id: '', name: tp('projects.noProject'), description: tp('projects.noProjectDescription') }, ...activeProjects];
    if (!items.length) {
        list.innerHTML = `<div class="chat-project-panel-empty">${escapeHtml(tp('projects.noProjectsClickCreate'))}</div>`;
@@ -1535,6 +1708,7 @@ function initChatProjectSelector() {
        window._projectsLanguageListenerBound = true;
        document.addEventListener('languagechange', () => {
            renderProjectsSidebar();
+            renderProjectsPagination();
            updateChatProjectButtonLabel();
            const panel = document.getElementById('chat-project-panel');
            if (panel && panel.style.display === 'flex') renderChatProjectPanelList();
@@ -1594,6 +1768,10 @@ window.restoreProjectFactByKey = restoreProjectFactByKey;
 window.openVulnerabilitiesForProject = openVulnerabilitiesForProject;
 window.openVulnerabilityDetail = openVulnerabilityDetail;
 window.filterProjectsList = filterProjectsList;
+window.goProjectsPage = goProjectsPage;
+window.changeProjectsPageSize = changeProjectsPageSize;
+window.parseProjectsListResponse = parseProjectsListResponse;
+window.fetchAllProjects = fetchAllProjects;
 window.debouncedLoadProjectFacts = debouncedLoadProjectFacts;
 window.debouncedLoadProjectVulnerabilities = debouncedLoadProjectVulnerabilities;
 window.loadProjectVulnerabilities = loadProjectVulnerabilities;
@@ -56,8 +56,9 @@ function initRouter() {
    const hash = window.location.hash.slice(1);
    if (hash) {
        const hashParts = hash.split('?');
-        const pageId = hashParts[0];
-        if (pageId && ['dashboard', 'chat', 'hitl', 'info-collect', 'projects', 'vulnerabilities', 'webshell', 'chat-files', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'agents-management', 'settings', 'tasks', 'c2', 'c2-listeners', 'c2-sessions', 'c2-tasks', 'c2-payloads', 'c2-events', 'c2-profiles'].includes(pageId)) {
+        let pageId = hashParts[0];
+        if (pageId === 'c2') pageId = 'c2-listeners';
+        if (pageId && ['dashboard', 'chat', 'hitl', 'info-collect', 'projects', 'vulnerabilities', 'webshell', 'chat-files', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'agents-management', 'settings', 'tasks', 'c2-listeners', 'c2-sessions', 'c2-tasks', 'c2-payloads', 'c2-events', 'c2-profiles'].includes(pageId)) {
            switchPage(pageId);
            if (pageId === 'chat') {
                scheduleChatConversationFromHash(500);
@@ -464,7 +465,6 @@ async function initPage(pageId) {
                loadMarkdownAgents();
            }
            break;
-        case 'c2':
        case 'c2-listeners':
        case 'c2-sessions':
        case 'c2-tasks':
@@ -494,9 +494,10 @@ document.addEventListener('DOMContentLoaded', function() {
        const hash = window.location.hash.slice(1);
        // 处理带参数的hash（如 chat?conversation=xxx）
        const hashParts = hash.split('?');
-        const pageId = hashParts[0];
+        let pageId = hashParts[0];
        
-        if (pageId && ['dashboard', 'chat', 'hitl', 'info-collect', 'tasks', 'vulnerabilities', 'webshell', 'chat-files', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'agents-management', 'settings', 'c2', 'c2-listeners', 'c2-sessions', 'c2-tasks', 'c2-payloads', 'c2-events', 'c2-profiles'].includes(pageId)) {
+        if (pageId === 'c2') pageId = 'c2-listeners';
+        if (pageId && ['dashboard', 'chat', 'hitl', 'info-collect', 'tasks', 'vulnerabilities', 'webshell', 'chat-files', 'mcp-monitor', 'mcp-management', 'knowledge-management', 'knowledge-retrieval-logs', 'roles-management', 'skills-monitor', 'skills-management', 'agents-management', 'settings', 'c2-listeners', 'c2-sessions', 'c2-tasks', 'c2-payloads', 'c2-events', 'c2-profiles'].includes(pageId)) {
            switchPage(pageId);
            if (pageId === 'chat') {
                scheduleChatConversationFromHash(200);
@@ -68,9 +68,25 @@
        domPurifyHooksInstalled = true;
    }

+    /** 明显 Markdown 结构时，不应因零散 HTML 标签误判为整页 HTML */
+    function looksLikeMarkdown(src) {
+        const s = String(src);
+        return /^#{1,6}\s/m.test(s)
+            || /^\s*[-*+]\s/m.test(s)
+            || /^\s*\d+\.\s/m.test(s)
+            || /\*\*[^*\n]+\*\*/.test(s)
+            || /`[^`\n]+`/.test(s)
+            || /^```/m.test(s)
+            || /^\|.+\|/m.test(s)
+            || /^\s*>\s/m.test(s);
+    }
+
    /** 探测工具返回的整页 HTML，不宜当作富文本渲染 */
    function isHeavyRawHtml(src) {
        const s = String(src);
+        if (looksLikeMarkdown(s)) {
+            return false;
+        }
        if (/<!DOCTYPE\s+html/i.test(s) || /<\s*html\b/i.test(s)) {
            return true;
        }
@@ -81,6 +97,10 @@
        return tags != null && tags.length >= 8;
    }

+    function escapePlainTextAsHtml(text) {
+        return escapeHtmlLocal(text).replace(/\n/g, '<br>');
+    }
+
    function formatHtmlAsEscapedPre(text) {
        return '<pre class="tool-result sanitized-raw-html-fallback">' + escapeHtmlLocal(text) + '</pre>';
    }
@@ -115,6 +135,23 @@
     * @param {{ profile?: 'chat'|'timeline' }} [options]
     * @returns {string} 安全 HTML
     */
+    function buildRichHtmlFromSource(src) {
+        const hasHtmlTags = /<[a-z][\s\S]*>/i.test(src);
+        const preferMarkdown = typeof marked !== 'undefined'
+            && (looksLikeMarkdown(src) || !hasHtmlTags);
+
+        if (preferMarkdown) {
+            const parsed = parseMarkdownSrc(src);
+            if (parsed != null) {
+                return parsed;
+            }
+        }
+        if (hasHtmlTags) {
+            return src;
+        }
+        return escapePlainTextAsHtml(src);
+    }
+
    function formatMarkdownToHtml(text, options) {
        const profile = (options && options.profile === 'timeline') ? 'timeline' : 'chat';
        const src = normalizeSource(text);
@@ -124,24 +161,13 @@
        }

        if (typeof DOMPurify === 'undefined') {
-            return escapeHtmlLocal(src).replace(/\n/g, '<br>');
+            console.warn('DOMPurify 未加载，Markdown 已降级为纯文本渲染（已转义，防 XSS）');
+            return escapePlainTextAsHtml(src);
        }

        installDomPurifyHooks();
        const config = sanitizeConfigForProfile(profile);
-
-        let html;
-        const hasHtmlTags = /<[a-z][\s\S]*>/i.test(src);
-        if (typeof marked !== 'undefined' && !hasHtmlTags) {
-            const parsed = parseMarkdownSrc(src);
-            html = parsed != null ? parsed : escapeHtmlLocal(src).replace(/\n/g, '<br>');
-        } else if (hasHtmlTags) {
-            html = src;
-        } else {
-            html = escapeHtmlLocal(src).replace(/\n/g, '<br>');
-        }
-
-        return DOMPurify.sanitize(html, config);
+        return DOMPurify.sanitize(buildRichHtmlFromSource(src), config);
    }

    function sanitizeRichHtml(html, profile) {
@@ -171,6 +197,7 @@
        formatMarkdownToHtml: formatMarkdownToHtml,
        sanitizeRichHtml: sanitizeRichHtml,
        isHeavyRawHtml: isHeavyRawHtml,
+        looksLikeMarkdown: looksLikeMarkdown,
        escapeHtmlLocal: escapeHtmlLocal,
        stripSuspiciousImages: stripSuspiciousImages,
    };
@@ -61,21 +61,25 @@ window.syncC2NavOnceFromServer = async function syncC2NavOnceFromServer() {
    }
 };

-// 根据 C2 是否启用显示主导航 C2 入口与仪表盘 C2 区块（与 /api/config 的 c2.enabled 一致）
+// 根据 C2 是否启用显示主导航 C2 入口与仪表盘接入概览中的 C2 子块（与 /api/config 的 c2.enabled 一致）
 function syncC2NavFromConfig(cfg) {
    const on = cfg && cfg.c2 && cfg.c2.enabled !== false;
    const nav = document.getElementById('nav-c2');
    if (nav) {
        nav.style.display = on ? '' : 'none';
    }
-    const dash = document.getElementById('dashboard-section-c2');
-    if (dash) {
+    const c2Tab = document.getElementById('dashboard-access-tab-c2');
+    if (c2Tab) {
        if (!on) {
-            dash.hidden = true;
+            c2Tab.hidden = true;
        } else {
-            dash.removeAttribute('hidden');
+            c2Tab.removeAttribute('hidden');
        }
    }
+    window.__c2Enabled = on;
+    if (typeof syncDashboardAccessTabs === 'function') {
+        syncDashboardAccessTabs();
+    }
 }

 // 切换设置分类
@@ -819,12 +819,19 @@ async function refreshBatchProjectSelectOptions() {
    projectSelect.innerHTML = `<option value="">${escapeHtml(noneLabel)}</option>`;

    try {
-        const response = await apiFetch('/api/projects?status=active&limit=200');
-        if (!response.ok) {
-            throw new Error(_t('projects.loadProjectsFailed'));
+        let list = [];
+        if (typeof fetchAllProjects === 'function') {
+            list = await fetchAllProjects(false);
+        } else {
+            const response = await apiFetch('/api/projects?status=active&limit=500');
+            if (!response.ok) {
+                throw new Error(_t('projects.loadProjectsFailed'));
+            }
+            const data = await response.json();
+            list = typeof parseProjectsListResponse === 'function'
+                ? parseProjectsListResponse(data).items
+                : (Array.isArray(data) ? data : (data.projects || []));
        }
-        const projects = await response.json();
-        const list = Array.isArray(projects) ? projects : [];
        const activeProjectId = typeof getActiveProjectId === 'function' ? getActiveProjectId() || '' : '';

        list.forEach((project) => {
@@ -855,11 +855,6 @@ function renderVulnerabilities(vulnerabilities) {
        if (typeof window.applyTranslations === 'function') {
            window.applyTranslations(listContainer);
        }
-        // 清空分页信息
-        const paginationContainer = document.getElementById('vulnerability-pagination');
-        if (paginationContainer) {
-            paginationContainer.innerHTML = '';
-        }
        return;
    }

@@ -960,12 +955,6 @@ function renderVulnerabilityPagination() {

    const { currentPage, totalPages, total, pageSize } = vulnerabilityPagination;

-    // 如果没有数据，不显示分页控件
-    if (total === 0) {
-        paginationContainer.innerHTML = '';
-        return;
-    }
-
    // 计算显示范围
    const start = total === 0 ? 0 : (currentPage - 1) * pageSize + 1;
    const end = total === 0 ? 0 : Math.min(currentPage * pageSize, total);
@@ -1052,13 +1041,23 @@ async function populateVulnerabilityModalProjectSelect(selectedId) {
    const sel = document.getElementById('vulnerability-project-id');
    if (!sel) return;
    try {
-        const res = await apiFetch('/api/projects?limit=200');
-        if (res.ok) {
-            const list = await res.json();
+        let list = [];
+        if (typeof fetchAllProjects === 'function') {
+            list = await fetchAllProjects();
+        } else {
+            const res = await apiFetch('/api/projects?limit=500');
+            if (res.ok) {
+                const data = await res.json();
+                list = typeof parseProjectsListResponse === 'function'
+                    ? parseProjectsListResponse(data).items
+                    : (Array.isArray(data) ? data : (data.projects || []));
+            }
+        }
+        if (list.length) {
            if (typeof rebuildProjectNameMap === 'function') {
                rebuildProjectNameMap(list);
            } else if (typeof projectNameById !== 'undefined') {
-                (list || []).forEach((p) => { if (p.id) projectNameById[p.id] = p.name || p.id; });
+                list.forEach((p) => { if (p.id) projectNameById[p.id] = p.name || p.id; });
            }
        }
    } catch (e) {
@@ -1722,9 +1721,17 @@ async function refreshVulnerabilityProjectFilter() {
    const sel = document.getElementById('vulnerability-project-filter');
    if (!sel) return;
    try {
-        const res = await apiFetch('/api/projects?limit=200');
-        if (!res.ok) return;
-        const list = await res.json();
+        let list = [];
+        if (typeof fetchAllProjects === 'function') {
+            list = await fetchAllProjects(true);
+        } else {
+            const res = await apiFetch('/api/projects?limit=500');
+            if (!res.ok) return;
+            const data = await res.json();
+            list = typeof parseProjectsListResponse === 'function'
+                ? parseProjectsListResponse(data).items
+                : (Array.isArray(data) ? data : (data.projects || []));
+        }
        if (typeof rebuildProjectNameMap === 'function') {
            rebuildProjectNameMap(list);
        } else if (typeof projectNameById !== 'undefined') {
@@ -221,7 +221,6 @@
                            </svg>
                        </div>
                        <div class="nav-submenu" id="submenu-c2">
-                            <div class="nav-submenu-item" data-page="c2" onclick="switchPage('c2')" data-i18n="nav.c2Manage">C2 管理</div>
                            <div class="nav-submenu-item" data-page="c2-listeners" onclick="switchPage('c2-listeners')" data-i18n="nav.c2Listeners">监听器</div>
                            <div class="nav-submenu-item" data-page="c2-sessions" onclick="switchPage('c2-sessions')" data-i18n="nav.c2Sessions">会话</div>
                            <div class="nav-submenu-item" data-page="c2-tasks" onclick="switchPage('c2-tasks')" data-i18n="nav.c2Tasks">任务</div>
@@ -574,76 +573,59 @@
                                            </div>
                                        </div>
                                    </section>
-                                    <section class="dashboard-section dashboard-section-recent-vulns">
-                                        <div class="dashboard-section-header">
-                                            <h3 class="dashboard-section-title" data-i18n="dashboard.recentVulns">最近漏洞</h3>
-                                            <a class="dashboard-section-link" onclick="switchPage('vulnerabilities')" data-i18n="dashboard.viewAll">查看全部 →</a>
+                                    <section class="dashboard-section dashboard-section-recent-feed">
+                                        <div class="dashboard-section-header dashboard-section-header--tabs">
+                                            <nav class="dashboard-feed-tabs" role="tablist" aria-label="最近漏洞与近期事实">
+                                                <button type="button" class="dashboard-feed-tab is-active" role="tab" id="dashboard-feed-tab-vulns" aria-selected="true" aria-controls="dashboard-feed-panel-vulns" onclick="switchDashboardFeedTab('vulns')" data-i18n="dashboard.recentVulns">最近漏洞</button>
+                                                <button type="button" class="dashboard-feed-tab" role="tab" id="dashboard-feed-tab-facts" aria-selected="false" aria-controls="dashboard-feed-panel-facts" onclick="switchDashboardFeedTab('facts')" data-i18n="dashboard.recentFacts">近期事实</button>
+                                            </nav>
+                                            <a class="dashboard-section-link" id="dashboard-feed-view-all" onclick="switchPage('vulnerabilities')" data-i18n="dashboard.viewAll">查看全部 →</a>
                                        </div>
-                                        <div class="dashboard-recent-vulns" id="dashboard-recent-vulns">
-                                            <div class="dashboard-recent-vulns-empty" id="dashboard-recent-vulns-empty" data-i18n="dashboard.noVulnYet">暂无最近漏洞</div>
-                                        </div>
-                                    </section>
-                                    <!-- C2 概览：介于「最近漏洞」与「批量任务队列」之间 -->
-                                    <section class="dashboard-section dashboard-section-c2" id="dashboard-section-c2" hidden>
-                                        <div class="dashboard-section-header">
-                                            <h3 class="dashboard-section-title" data-i18n="dashboard.c2OverviewTitle">C2 概览</h3>
-                                            <a class="dashboard-section-link" onclick="switchPage('c2')" data-i18n="dashboard.c2GoManage">进入 C2 →</a>
-                                        </div>
-                                        <div class="dashboard-c2-strip">
-                                            <div class="dashboard-c2-stat" role="button" tabindex="0" onclick="switchPage('c2-listeners')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('c2-listeners'); }" data-i18n="dashboard.c2ClickListeners" data-i18n-attr="title" title="查看监听器">
-                                                <span class="dashboard-c2-stat-value" id="dashboard-c2-listeners-running">-</span>
-                                                <span class="dashboard-c2-stat-label" data-i18n="dashboard.c2ListenersRunning">运行中监听器</span>
+                                        <div class="dashboard-feed-panel" id="dashboard-feed-panel-vulns" role="tabpanel" aria-labelledby="dashboard-feed-tab-vulns">
+                                            <div class="dashboard-recent-vulns" id="dashboard-recent-vulns">
+                                                <div class="dashboard-recent-vulns-empty" id="dashboard-recent-vulns-empty" data-i18n="dashboard.noVulnYet">暂无最近漏洞</div>
                                            </div>
-                                            <div class="dashboard-c2-stat" role="button" tabindex="0" onclick="switchPage('c2-sessions')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('c2-sessions'); }" data-i18n="dashboard.c2ClickSessions" data-i18n-attr="title" title="查看会话">
-                                                <span class="dashboard-c2-stat-value" id="dashboard-c2-sessions-online">-</span>
-                                                <span class="dashboard-c2-stat-label" data-i18n="dashboard.c2SessionsOnline">在线会话</span>
-                                            </div>
-                                            <div class="dashboard-c2-stat" role="button" tabindex="0" onclick="switchPage('c2-tasks')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('c2-tasks'); }" data-i18n="dashboard.c2ClickTasks" data-i18n-attr="title" title="查看任务">
-                                                <span class="dashboard-c2-stat-value" id="dashboard-c2-tasks-pending">-</span>
-                                                <span class="dashboard-c2-stat-label" data-i18n="dashboard.c2TasksPending">待审 / 排队任务</span>
+                                        </div>
+                                        <div class="dashboard-feed-panel" id="dashboard-feed-panel-facts" role="tabpanel" aria-labelledby="dashboard-feed-tab-facts" hidden>
+                                            <div class="dashboard-recent-facts" id="dashboard-recent-facts">
+                                                <div class="dashboard-recent-facts-empty" id="dashboard-recent-facts-empty" data-i18n="dashboard.noFactsYet">暂无近期事实</div>
                                            </div>
                                        </div>
                                    </section>
-                                    <section class="dashboard-section dashboard-section-overview">
-                                        <div class="dashboard-section-header">
-                                            <h3 class="dashboard-section-title" data-i18n="dashboard.batchQueues">批量任务队列</h3>
-                                            <a class="dashboard-section-link" onclick="switchPage('tasks')" data-i18n="dashboard.viewAll">查看全部 →</a>
+                                    <!-- 接入概览：C2 / WebShell Tab 切换（样式同「最近漏洞 / 近期事实」） -->
+                                    <section class="dashboard-section dashboard-section-access" id="dashboard-section-access" hidden>
+                                        <div class="dashboard-section-header dashboard-section-header--tabs">
+                                            <nav class="dashboard-feed-tabs" id="dashboard-access-tabs" role="tablist" aria-label="C2 与 WebShell" data-i18n="dashboard.accessTabsAria" data-i18n-attr="aria-label">
+                                                <button type="button" class="dashboard-feed-tab is-active" role="tab" id="dashboard-access-tab-c2" aria-selected="true" aria-controls="dashboard-access-panel-c2" onclick="switchDashboardAccessTab('c2')" data-i18n="nav.c2">C2</button>
+                                                <button type="button" class="dashboard-feed-tab" role="tab" id="dashboard-access-tab-webshell" aria-selected="false" aria-controls="dashboard-access-panel-webshell" onclick="switchDashboardAccessTab('webshell')" data-i18n="dashboard.webshellLabel">WebShell</button>
+                                            </nav>
+                                            <a class="dashboard-section-link" id="dashboard-access-view-all" onclick="switchPage('c2-listeners')" data-i18n="dashboard.c2GoManage">进入 C2 →</a>
                                        </div>
-                                        <div class="dashboard-overview-list">
-                                            <div class="dashboard-overview-item dashboard-overview-item-batch" role="button" tabindex="0" onclick="switchPage('tasks')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('tasks'); }">
-                                                <span class="dashboard-overview-icon dashboard-overview-icon-batch" aria-hidden="true"><svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/></svg></span>
-                                                <div class="dashboard-overview-content">
-                                                    <div class="dashboard-overview-header">
-                                                        <span class="dashboard-overview-label" data-i18n="dashboard.batchQueues">批量任务队列</span>
-                                                        <span class="dashboard-overview-total" id="dashboard-batch-total">-</span>
-                                                    </div>
-                                                    <div class="dashboard-overview-stats">
-                                                        <span class="dashboard-overview-stat dashboard-overview-stat-pending">
-                                                            <span class="dashboard-overview-stat-badge badge-pending"></span>
-                                                            <span class="dashboard-overview-stat-value" id="dashboard-batch-pending">-</span>
-                                                            <span class="dashboard-overview-stat-label" data-i18n="dashboard.pending">待执行</span>
-                                                        </span>
-                                                        <span class="dashboard-overview-stat dashboard-overview-stat-running">
-                                                            <span class="dashboard-overview-stat-badge badge-running"></span>
-                                                            <span class="dashboard-overview-stat-value" id="dashboard-batch-running">-</span>
-                                                            <span class="dashboard-overview-stat-label" data-i18n="dashboard.executing">执行中</span>
-                                                        </span>
-                                                        <span class="dashboard-overview-stat dashboard-overview-stat-done">
-                                                            <span class="dashboard-overview-stat-badge badge-done"></span>
-                                                            <span class="dashboard-overview-stat-value" id="dashboard-batch-done">-</span>
-                                                            <span class="dashboard-overview-stat-label" data-i18n="dashboard.completed">已完成</span>
-                                                        </span>
-                                                    </div>
-                                                    <div class="dashboard-overview-progress">
-                                                        <div class="dashboard-overview-progress-bar">
-                                                            <div class="dashboard-overview-progress-segment dashboard-overview-progress-pending" id="dashboard-batch-progress-pending" style="width: 0%"></div>
-                                                            <div class="dashboard-overview-progress-segment dashboard-overview-progress-running" id="dashboard-batch-progress-running" style="width: 0%"></div>
-                                                            <div class="dashboard-overview-progress-segment dashboard-overview-progress-done" id="dashboard-batch-progress-done" style="width: 0%"></div>
-                                                        </div>
-                                                    </div>
+                                        <div class="dashboard-feed-panel" id="dashboard-access-panel-c2" role="tabpanel" aria-labelledby="dashboard-access-tab-c2">
+                                            <div class="dashboard-access-strip">
+                                                <div class="dashboard-access-stat dashboard-access-stat--c2" role="button" tabindex="0" onclick="switchPage('c2-listeners')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('c2-listeners'); }" data-i18n="dashboard.c2ClickListeners" data-i18n-attr="title" title="查看监听器">
+                                                    <span class="dashboard-access-stat-value" id="dashboard-c2-listeners-running">-</span>
+                                                    <span class="dashboard-access-stat-label" data-i18n="dashboard.c2ListenersRunning">运行中监听器</span>
+                                                </div>
+                                                <div class="dashboard-access-stat dashboard-access-stat--c2" role="button" tabindex="0" onclick="switchPage('c2-sessions')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('c2-sessions'); }" data-i18n="dashboard.c2ClickSessions" data-i18n-attr="title" title="查看会话">
+                                                    <span class="dashboard-access-stat-value" id="dashboard-c2-sessions-online">-</span>
+                                                    <span class="dashboard-access-stat-label" data-i18n="dashboard.c2SessionsOnline">在线会话</span>
+                                                </div>
+                                                <div class="dashboard-access-stat dashboard-access-stat--c2" role="button" tabindex="0" onclick="switchPage('c2-tasks')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('c2-tasks'); }" data-i18n="dashboard.c2ClickTasks" data-i18n-attr="title" title="查看任务">
+                                                    <span class="dashboard-access-stat-value" id="dashboard-c2-tasks-pending">-</span>
+                                                    <span class="dashboard-access-stat-label" data-i18n="dashboard.c2TasksPending">待审 / 排队任务</span>
                                                </div>
                                            </div>
                                        </div>
+                                        <div class="dashboard-feed-panel" id="dashboard-access-panel-webshell" role="tabpanel" aria-labelledby="dashboard-access-tab-webshell" hidden>
+                                            <div class="dashboard-access-strip dashboard-access-strip--webshell">
+                                                <div class="dashboard-access-stat dashboard-access-stat--webshell" role="button" tabindex="0" onclick="switchPage('webshell')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('webshell'); }" data-i18n="dashboard.webshellClickConnections" data-i18n-attr="title" title="查看连接">
+                                                    <span class="dashboard-access-stat-value" id="dashboard-webshell-connections">-</span>
+                                                    <span class="dashboard-access-stat-label" data-i18n="dashboard.webshellConnections">活跃连接</span>
+                                                </div>
+                                            </div>
+                                            <div class="dashboard-webshell-recent" id="dashboard-webshell-recent" hidden></div>
+                                        </div>
                                    </section>
                                    <!-- 推荐操作：基于当前数据状态智能生成（如「修复 4 个待处理严重漏洞」「审批 2 个 HITL」），
                                         比纯静态导航更有意义；当没有任何推荐时整个 section 隐藏 -->
@@ -656,6 +638,36 @@
                                    </section>
                                </div>
                                <div class="dashboard-side">
+                                    <section class="dashboard-section dashboard-section-batch-side">
+                                        <div class="dashboard-section-header">
+                                            <h3 class="dashboard-section-title" data-i18n="dashboard.batchQueues">批量任务队列</h3>
+                                            <a class="dashboard-section-link" onclick="switchPage('tasks')" data-i18n="dashboard.viewAll">查看全部 →</a>
+                                        </div>
+                                        <div class="dashboard-batch-side-body" role="button" tabindex="0" onclick="switchPage('tasks')" onkeydown="if(event.key==='Enter'||event.key===' ') { event.preventDefault(); switchPage('tasks'); }">
+                                            <div class="dashboard-batch-side-total" id="dashboard-batch-total">-</div>
+                                            <div class="dashboard-batch-side-stats">
+                                                <div class="dashboard-batch-side-stat dashboard-batch-side-stat--pending">
+                                                    <span class="dashboard-batch-side-stat-value" id="dashboard-batch-pending">-</span>
+                                                    <span class="dashboard-batch-side-stat-label" data-i18n="dashboard.pending">待执行</span>
+                                                </div>
+                                                <div class="dashboard-batch-side-stat dashboard-batch-side-stat--running">
+                                                    <span class="dashboard-batch-side-stat-value" id="dashboard-batch-running">-</span>
+                                                    <span class="dashboard-batch-side-stat-label" data-i18n="dashboard.executing">执行中</span>
+                                                </div>
+                                                <div class="dashboard-batch-side-stat dashboard-batch-side-stat--done">
+                                                    <span class="dashboard-batch-side-stat-value" id="dashboard-batch-done">-</span>
+                                                    <span class="dashboard-batch-side-stat-label" data-i18n="dashboard.completed">已完成</span>
+                                                </div>
+                                            </div>
+                                            <div class="dashboard-batch-side-progress" aria-hidden="true">
+                                                <div class="dashboard-batch-side-progress-bar">
+                                                    <div class="dashboard-batch-side-progress-segment dashboard-batch-side-progress-pending" id="dashboard-batch-progress-pending" style="width: 0%"></div>
+                                                    <div class="dashboard-batch-side-progress-segment dashboard-batch-side-progress-running" id="dashboard-batch-progress-running" style="width: 0%"></div>
+                                                    <div class="dashboard-batch-side-progress-segment dashboard-batch-side-progress-done" id="dashboard-batch-progress-done" style="width: 0%"></div>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </section>
                                    <section class="dashboard-section dashboard-section-tools">
                                        <div class="dashboard-section-header">
                                            <h3 class="dashboard-section-title" data-i18n="dashboard.toolsExecCount">工具执行次数</h3>
@@ -723,14 +735,6 @@
                                                <span class="dashboard-resource-label" data-i18n="dashboard.agentsLabel">Agents</span>
                                                <span class="dashboard-resource-value" id="dashboard-resource-agents">-</span>
                                            </a>
-                                            <!-- WebShell 连接：渗透落地后建立的 foothold，对安全运维场景非常关键 -->
-                                            <a class="dashboard-resource-item" onclick="switchPage('webshell')" role="button" tabindex="0">
-                                                <span class="dashboard-resource-icon dashboard-resource-icon-webshell" aria-hidden="true">
-                                                    <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="4 17 10 11 4 5"/><line x1="12" y1="19" x2="20" y2="19"/></svg>
-                                                </span>
-                                                <span class="dashboard-resource-label" data-i18n="dashboard.webshellLabel">WebShell</span>
-                                                <span class="dashboard-resource-value" id="dashboard-resource-webshell">-</span>
-                                            </a>
                                        </div>
                                    </section>
                                </div>
@@ -817,6 +821,7 @@
                                    <div id="conversations-list" class="conversations-list"></div>
                                </div>
                            </div>
+                            <div id="conversations-pagination" class="sidebar-list-pagination conversation-sidebar-pagination"></div>
                            <div id="chat-reasoning-wrapper" class="chat-reasoning-wrapper conversation-reasoning-card conversation-reasoning-collapsed" style="display: none;">
                                <button type="button" id="conversation-reasoning-toggle" class="conversation-reasoning-card-header" onclick="toggleConversationReasoningCard()" aria-expanded="false" aria-controls="conversation-reasoning-body" data-i18n="chat.reasoningCompactAria" data-i18n-attr="aria-label,title" data-i18n-skip-text="true" aria-label="模型推理选项" title="模型推理选项">
                                    <div class="conversation-reasoning-heading">
@@ -1455,6 +1460,7 @@
                                <input type="search" id="projects-list-search" class="form-input" placeholder="搜索项目…" oninput="filterProjectsList()" autocomplete="off" data-i18n="projects.searchProjectsPlaceholder" data-i18n-attr="placeholder">
                            </div>
                            <div id="projects-list" class="projects-list"></div>
+                            <div id="projects-pagination" class="sidebar-list-pagination projects-sidebar-pagination"></div>
                        </aside>
                        <main class="projects-detail" id="projects-detail-main">
                            <div class="projects-detail-placeholder" id="projects-detail-placeholder">
@@ -2005,51 +2011,6 @@
                    </div>
                </div>

-                <!-- C2 管理页面容器（各子页面通过 JS 动态渲染） -->
-                <div id="page-c2" class="page">
-                    <div class="page-header">
-                        <h2 data-i18n="c2.title">C2 管理</h2>
-                    </div>
-                    <div class="page-content" id="c2-content">
-                        <div class="c2-layout">
-                            <div id="c2-main" class="c2-main">
-                                <div class="c2-welcome">
-                                    <div class="c2-welcome-icon">
-                                        <svg width="72" height="72" viewBox="0 0 24 24" fill="none" stroke="url(#c2-grad)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true">
-                                            <defs><linearGradient id="c2-grad" x1="0" y1="0" x2="1" y2="1"><stop offset="0%" stop-color="#00d4ff"/><stop offset="100%" stop-color="#a855f7"/></linearGradient></defs>
-                                            <path d="M4.9 19.1C1 15.2 1 8.8 4.9 4.9"></path>
-                                            <path d="M7.8 16.2c-2.3-2.3-2.3-6.1 0-8.5"></path>
-                                            <circle cx="12" cy="12" r="2"></circle>
-                                            <path d="M16.2 7.8c2.3 2.3 2.3 6.1 0 8.5"></path>
-                                            <path d="M19.1 4.9C23 8.8 23 15.2 19.1 19"></path>
-                                        </svg>
-                                    </div>
-                                    <h3 data-i18n="c2.welcomeTitle">AI-Native C2 框架</h3>
-                                    <p data-i18n="c2.welcomeDesc">以 MCP 工具为一等公民，让 LLM 可以像调用 nmap 一样调用 C2 完成"上线 → 控制 → 任务 → 横向 → 清场"全流程</p>
-                                    <div class="c2-stats" id="c2-dashboard-stats">
-                                        <div class="c2-stat-item">
-                                            <span class="c2-stat-value" id="c2-stat-listeners">-</span>
-                                            <span class="c2-stat-label" data-i18n="c2.statListeners">运行中监听器</span>
-                                        </div>
-                                        <div class="c2-stat-item">
-                                            <span class="c2-stat-value" id="c2-stat-sessions">-</span>
-                                            <span class="c2-stat-label" data-i18n="c2.statSessions">在线会话</span>
-                                        </div>
-                                        <div class="c2-stat-item">
-                                            <span class="c2-stat-value" id="c2-stat-pending">-</span>
-                                            <span class="c2-stat-label" data-i18n="c2.statPending">待审任务</span>
-                                        </div>
-                                    </div>
-                                    <div class="c2-actions">
-                                        <button class="btn-primary" onclick="switchPage('c2-listeners')" data-i18n="c2.goListeners">管理监听器</button>
-                                        <button class="btn-secondary" onclick="switchPage('c2-sessions')" data-i18n="c2.goSessions">查看会话</button>
-                                    </div>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-
                <!-- C2 监听器管理页面 -->
                <div id="page-c2-listeners" class="page">
                    <div class="page-header">
@@ -3517,10 +3478,9 @@
        </div>
    </div>

-    <!-- Marked.js for Markdown parsing -->
-    <script src="https://cdn.jsdelivr.net/npm/marked@11.1.1/marked.min.js"></script>
-    <!-- DOMPurify for HTML sanitization to prevent XSS -->
-    <script src="https://cdn.jsdelivr.net/npm/dompurify@3.0.8/dist/purify.min.js"></script>
+    <!-- Marked.js + DOMPurify：本地 vendor，避免 CDN 不可用导致 Markdown 降级为纯文本 -->
+    <script src="/static/vendor/marked.min.js"></script>
+    <script src="/static/vendor/purify.min.js"></script>
    <script src="/static/js/sanitize-markdown.js"></script>
    <!-- Cytoscape.js for attack chain visualization -->
    <script src="https://cdn.jsdelivr.net/npm/cytoscape@3.27.0/dist/cytoscape.min.js"></script>
@@ -4261,6 +4221,11 @@
                    <textarea id="fact-modal-body" class="form-input fact-modal-body-input" rows="14" placeholder="攻击链步骤、HTTP/命令 POC、响应现象、证据…" oninput="updateFactFormHints()"></textarea>
                    <p id="fact-modal-body-hint" class="projects-field-hint" role="status"></p>
                </div>
+                <div class="projects-form-field">
+                    <label class="projects-filter-check projects-pin-toggle">
+                        <input type="checkbox" id="fact-modal-pinned"> <span data-i18n="projects.pinFact">置顶事实（列表与黑板索引优先）</span>
+                    </label>
+                </div>
                <div class="projects-form-field">
                    <label for="fact-modal-related-vuln" data-i18n="projects.relatedVulnIdLabel">关联漏洞 ID</label>
                    <input type="text" id="fact-modal-related-vuln" class="form-input" placeholder="可选" data-i18n="projects.optional" data-i18n-attr="placeholder">
@@ -4285,12 +4250,6 @@
            </div>
            <div class="projects-modal-body">
                <p id="fact-detail-sparse-warn" class="projects-fact-sparse-warn" hidden></p>
-                <div id="fact-detail-prev-wrap" class="fact-detail-prev-wrap" hidden>
-                    <h4 class="fact-detail-prev-title" data-i18n="projects.previousVersion">上一版本</h4>
-                    <p id="fact-detail-prev-meta" class="projects-modal-subtitle"></p>
-                    <pre id="fact-detail-prev-body" class="fact-detail-body fact-detail-body--muted"></pre>
-                </div>
-                <h4 class="fact-detail-current-title" data-i18n="projects.currentVersion">当前版本</h4>
                <pre id="fact-detail-body" class="fact-detail-body"></pre>
            </div>
            <div class="projects-modal-footer projects-modal-footer--split">
Author	SHA1	Message	Date
公明	e8a75e5105	Update config.yaml	2026-06-11 02:03:03 +08:00
公明	48976ed650	Add files via upload	2026-06-11 01:48:42 +08:00
公明	dc9ecae7fd	Add files via upload	2026-06-11 01:43:35 +08:00
公明	a9d0a59f7a	Add files via upload	2026-06-11 01:41:57 +08:00
公明	5ec4729b83	Add files via upload	2026-06-11 01:40:00 +08:00
公明	9857003018	Add files via upload	2026-06-11 01:38:25 +08:00
公明	a6e7885fed	Add files via upload	2026-06-11 01:31:18 +08:00
公明	e69375451c	Add files via upload	2026-06-11 01:29:07 +08:00
公明	07e7f104ad	Add files via upload	2026-06-11 01:27:50 +08:00
公明	ffce9185bb	Add files via upload	2026-06-11 01:16:20 +08:00
公明	612f16455d	Add files via upload	2026-06-11 01:14:52 +08:00
公明	ecd5b40bc2	Add files via upload	2026-06-11 01:13:11 +08:00
公明	5aa7306c9b	Update config.yaml	2026-06-11 00:53:39 +08:00
公明	1027d9f6cf	Update config.yaml	2026-06-11 00:41:27 +08:00
公明	e05b008903	Add files via upload	2026-06-11 00:38:00 +08:00
公明	9bcc7a27fe	Add files via upload	2026-06-11 00:35:44 +08:00
公明	fb3087b760	Add files via upload	2026-06-10 14:20:24 +08:00
公明	cd48a43b7e	Add files via upload	2026-06-10 14:18:17 +08:00
公明	07be48ae59	Add files via upload	2026-06-10 14:06:33 +08:00
公明	529f94a4f7	Add files via upload	2026-06-10 11:33:05 +08:00
公明	d2fe023d7e	Delete internal/database/project_fact_version.go	2026-06-10 11:19:21 +08:00
公明	09e858619e	Add files via upload	2026-06-10 11:17:29 +08:00
公明	9c54291295	Add files via upload	2026-06-10 11:14:32 +08:00
公明	b3f7b8494b	Delete web/static/js/knowledge.js.bak	2026-06-09 21:06:14 +08:00
公明	849c644a86	Add files via upload	2026-06-09 21:05:29 +08:00
公明	9e0525abc1	Add files via upload	2026-06-09 20:44:41 +08:00
公明	6bacac2e6a	Add files via upload	2026-06-09 20:27:45 +08:00
公明	244307b52c	Add files via upload	2026-06-09 20:26:18 +08:00
公明	faaac5fbd7	Add files via upload	2026-06-09 20:24:53 +08:00
公明	3392fefedf	Add files via upload	2026-06-09 20:23:09 +08:00
公明	abef51b805	Add files via upload	2026-06-09 18:05:29 +08:00
公明	8143d8f220	Add files via upload	2026-06-09 17:53:37 +08:00
公明	73337c5226	Add files via upload	2026-06-09 17:44:39 +08:00
公明	c9c9ca1eec	Add files via upload	2026-06-09 17:39:27 +08:00
公明	25f8b610fb	Add files via upload	2026-06-09 17:37:04 +08:00
公明	6bfa7b8959	Add files via upload	2026-06-09 17:34:36 +08:00
公明	99a41d8188	Add files via upload	2026-06-09 14:32:11 +08:00
公明	6d04753761	Add files via upload	2026-06-09 14:28:15 +08:00
公明	a08df7ab79	Add files via upload	2026-06-09 14:23:08 +08:00
公明	3123a07c48	Update config.yaml	2026-06-09 14:03:09 +08:00
公明	7b3d35fabe	Add files via upload	2026-06-09 13:39:22 +08:00
公明	cb17d3a5c1	Add files via upload	2026-06-09 11:03:51 +08:00
公明	c2892ccd33	Add files via upload	2026-06-08 15:55:03 +08:00