Update version to v1.6.40 in config.yaml

Add files via upload
2026-06-18 20:10:13 +02:00 · 2026-06-18 23:24:14 +08:00 · 2026-06-18 23:23:48 +08:00 · 2026-06-18 23:21:58 +08:00 · 2026-06-18 23:20:39 +08:00 · 2026-06-18 23:19:09 +08:00
21 changed files with 2804 additions and 214 deletions
@@ -10,7 +10,7 @@
 # ============================================

 # 前端显示的版本号（可选，不填则显示默认版本）
-version: "v1.6.39"
+version: "v1.6.40"
 # 服务器配置
 server:
  host: 0.0.0.0 # 监听地址，0.0.0.0 表示监听所有网络接口
@@ -876,6 +876,7 @@ func setupRoutes(
 		protected.POST("/config/apply", configHandler.ApplyConfig)
 		protected.POST("/config/test-openai", configHandler.TestOpenAI)
 		protected.POST("/config/test-vision", configHandler.TestVision)
+		protected.POST("/config/list-models", configHandler.ListModels)

 		// 系统设置 - 终端（执行命令，提高运维效率）
 		protected.POST("/terminal/run", terminalHandler.RunCommand)
@@ -1107,6 +1108,7 @@ func setupRoutes(
 		c2Routes.POST("/listeners/:id/start", c2Handler.StartListener)
 		c2Routes.POST("/listeners/:id/stop", c2Handler.StopListener)
 		c2Routes.GET("/sessions", c2Handler.ListSessions)
+		c2Routes.DELETE("/sessions", c2Handler.DeleteSessions)
 		c2Routes.GET("/sessions/:id", c2Handler.GetSession)
 		c2Routes.DELETE("/sessions/:id", c2Handler.DeleteSession)
 		c2Routes.PUT("/sessions/:id/sleep", c2Handler.SetSessionSleep)
@@ -61,6 +61,7 @@ func registerC2ListenerTool(s *mcp.Server, m *c2.Manager, l *zap.Logger, webList
 - stop: 停止监听器（需 listener_id）
 - delete: 删除监听器（需 listener_id）
 监听器类型: tcp_reverse, http_beacon, https_beacon, websocket
+tcp_reverse 默认仅接受 CSB1 加密 Beacon（AES-GCM + ImplantToken）才登记会话；经典 bash/nc 反弹需在 config.allow_legacy_shell=true（公网不推荐）。
 端口约束：create/update 的 bind_port 禁止与本平台 Web/API 所用端口相同。当前本服务该端口为 %d（配置项 server.port，随进程启动从配置文件加载）。若 bind_port 与此相同会导致本服务或监听器 bind 失败、Beacon/oneliner 误连到 Web 而非 C2。请为监听器另选空闲端口。`, webListenPort),
 		InputSchema: map[string]interface{}{
 			"type": "object",
@@ -74,7 +75,7 @@ func registerC2ListenerTool(s *mcp.Server, m *c2.Manager, l *zap.Logger, webList
 				"bind_port":   map[string]interface{}{"type": "integer", "description": fmt.Sprintf("绑定端口（create 必填）。须 ≠ %d（当前本服务 Web/API 端口，配置 server.port）", webListenPort), "minimum": 1, "maximum": 65535},
 				"profile_id":  map[string]interface{}{"type": "string", "description": "Malleable Profile ID"},
 				"remark":      map[string]interface{}{"type": "string", "description": "备注"},
-				"config":      map[string]interface{}{"type": "object", "description": "高级配置（beacon 路径/TLS/OPSEC 等），create/update 可用"},
+				"config":      map[string]interface{}{"type": "object", "description": "高级配置（beacon 路径/TLS/OPSEC 等），create/update 可用。tcp_reverse 可选 allow_legacy_shell:true 允许未加密经典 shell（默认 false）"},
 			},
 			"required": []string{"action"},
 		},
@@ -222,20 +223,23 @@ func registerC2SessionTool(s *mcp.Server, m *c2.Manager, l *zap.Logger) {
 	s.RegisterTool(mcp.Tool{
 		Name: builtin.ToolC2Session,
 		Description: `C2 会话管理。通过 action 参数选择操作：
- list: 列出会话（可按 listener_id/status/os/search 过滤）
+- list: 列出会话（可按 listener_id/status/os/search/suspicious 过滤）
 - get: 获取会话详情及最近任务历史（需 session_id）
 - set_sleep: 设置心跳间隔（需 session_id）
 - kill: 下发 exit 任务让 implant 退出（需 session_id）
- delete: 删除会话记录（需 session_id）`,
+- delete: 删除单个会话记录（需 session_id）
+- delete_batch: 批量删除会话（需 session_ids 数组）`,
 		InputSchema: map[string]interface{}{
 			"type": "object",
 			"properties": map[string]interface{}{
-				"action":         map[string]interface{}{"type": "string", "description": "操作: list/get/set_sleep/kill/delete", "enum": []string{"list", "get", "set_sleep", "kill", "delete"}},
+				"action":         map[string]interface{}{"type": "string", "description": "操作: list/get/set_sleep/kill/delete/delete_batch", "enum": []string{"list", "get", "set_sleep", "kill", "delete", "delete_batch"}},
 				"session_id":     map[string]interface{}{"type": "string", "description": "会话 ID（get/set_sleep/kill/delete 需要）"},
+				"session_ids":    map[string]interface{}{"type": "array", "items": map[string]interface{}{"type": "string"}, "description": "会话 ID 列表（delete_batch）"},
 				"listener_id":    map[string]interface{}{"type": "string", "description": "按监听器过滤（list）"},
 				"status":         map[string]interface{}{"type": "string", "description": "按状态过滤: active/sleeping/dead/killed（list）"},
 				"os":             map[string]interface{}{"type": "string", "description": "按 OS 过滤: linux/windows/darwin（list）"},
 				"search":         map[string]interface{}{"type": "string", "description": "模糊搜索 hostname/username/IP（list）"},
+				"suspicious":     map[string]interface{}{"type": "boolean", "description": "仅疑似误报：离线且 tcp_* / unknown / PID 0（list）"},
 				"limit":          map[string]interface{}{"type": "integer", "description": "返回数量上限（list）"},
 				"sleep_seconds":  map[string]interface{}{"type": "integer", "description": "心跳间隔秒数（set_sleep）"},
 				"jitter_percent": map[string]interface{}{"type": "integer", "description": "抖动百分比 0-100（set_sleep）"},
@@ -257,6 +261,9 @@ func registerC2SessionTool(s *mcp.Server, m *c2.Manager, l *zap.Logger) {
 			if limit := int(getFloat64(params, "limit")); limit > 0 {
 				filter.Limit = limit
 			}
+			if v, ok := params["suspicious"].(bool); ok && v {
+				filter.Suspicious = true
+			}
 			sessions, err := m.DB().ListC2Sessions(filter)
 			return makeC2Result(map[string]interface{}{"sessions": sessions, "count": len(sessions)}, err)

@@ -274,8 +281,16 @@ func registerC2SessionTool(s *mcp.Server, m *c2.Manager, l *zap.Logger) {
 		case "set_sleep":
 			sleep := int(getFloat64(params, "sleep_seconds"))
 			jitter := int(getFloat64(params, "jitter_percent"))
-			err := m.DB().SetC2SessionSleep(id, sleep, jitter)
-			return makeC2Result(map[string]interface{}{"updated": err == nil, "sleep_seconds": sleep, "jitter_percent": jitter}, err)
+			task, err := m.SetSessionSleep(id, sleep, jitter)
+			out := map[string]interface{}{
+				"updated":        err == nil,
+				"sleep_seconds":  sleep,
+				"jitter_percent": jitter,
+			}
+			if task != nil {
+				out["task_id"] = task.ID
+			}
+			return makeC2Result(out, err)

 		case "kill":
 			task, err := m.EnqueueTask(c2.EnqueueTaskInput{
@@ -292,6 +307,17 @@ func registerC2SessionTool(s *mcp.Server, m *c2.Manager, l *zap.Logger) {
 			err := m.DB().DeleteC2Session(id)
 			return makeC2Result(map[string]interface{}{"deleted": err == nil}, err)

+		case "delete_batch":
+			rawIDs, _ := params["session_ids"].([]interface{})
+			ids := make([]string, 0, len(rawIDs))
+			for _, v := range rawIDs {
+				if s, ok := v.(string); ok && strings.TrimSpace(s) != "" {
+					ids = append(ids, strings.TrimSpace(s))
+				}
+			}
+			n, err := m.DB().DeleteC2SessionsByIDs(ids)
+			return makeC2Result(map[string]interface{}{"deleted": n}, err)
+
 		default:
 			return makeC2Result(nil, fmt.Errorf("unknown action: %s", action))
 		}
@@ -491,11 +517,11 @@ func registerC2PayloadTool(s *mcp.Server, m *c2.Manager, l *zap.Logger, webListe
 		Name: builtin.ToolC2Payload,
 		Description: fmt.Sprintf(`C2 Payload 生成。通过 action 参数选择操作：
 - oneliner: 生成单行 payload。kind 必须与监听器协议一致，否则会失败：
-  • tcp_reverse：裸 TCP 反弹，可用 kind: bash, nc, nc_mkfifo, python, perl, powershell（bash 指 /dev/tcp 类，不是 HTTP）。
+  • tcp_reverse：默认仅支持 build 加密 Beacon；若监听器 config.allow_legacy_shell=true，才可用 kind: bash, nc, nc_mkfifo, python, perl, powershell。
  • http_beacon / https_beacon / websocket：仅 HTTP(S) Beacon 轮询，oneliner 只能用 kind: curl_beacon（脚本内用 bash+curl，与「tcp 的 bash」不同）。curl_beacon 返回串末尾含「 &」用于把整个 bash -c 放后台；若用 exec/execute 同步执行，必须整段原样复制（含末尾 &）。若删掉 &，内部 while 死循环占满前台，调用会一直阻塞到超时/杀进程。
-  • 需要经典 bash 反弹 shell 时：先 c2_listener create type=tcp_reverse，再对该监听器用 kind=bash。
+  • 公网部署 tcp_reverse 请用 build 生成加密 Beacon，勿开启 allow_legacy_shell。
  • 省略 kind 时，会按监听器类型自动选第一个兼容类型（HTTP 系默认为 curl_beacon）。
- build: 交叉编译 beacon 二进制。支持 http_beacon / https_beacon / websocket / tcp_reverse（tcp_reverse 下植入端回连后先发魔数 CSB1，再走与 HTTP 相同的 AES-GCM JSON 语义；未发魔数的连接仍按经典交互 shell 处理）。
+- build: 交叉编译 beacon 二进制。支持 http_beacon / https_beacon / websocket / tcp_reverse（tcp_reverse 植入端回连后先发魔数 CSB1，再经 AES-GCM 解密且校验 ImplantToken 后才登记会话）。
 依赖的监听器 bind_port 须避开本服务 Web 端口 %d（配置 server.port，与 c2_listener 描述一致），否则 Beacon 无法正确回连。`, webListenPort),
 		InputSchema: map[string]interface{}{
 			"type": "object",
@@ -540,6 +566,9 @@ func registerC2PayloadTool(s *mcp.Server, m *c2.Manager, l *zap.Logger, webListe
 				}
 				return makeC2Result(nil, fmt.Errorf("监听器类型 %s 不支持 %s，兼容类型: %v", listener.Type, kind, names))
 			}
+			if err := c2.ValidateOnelinerForListener(listener, kind); err != nil {
+				return makeC2Result(nil, err)
+			}
 			input := c2.OnelinerInput{
 				Kind:         kind,
 				Host:         host,
@@ -20,10 +20,9 @@ import (
 )

 // TCPReverseListener 监听 TCP 端口，等待目标机反弹连接。
-// 经典模式：纯交互式 raw shell，与 nc / bash -i >& /dev/tcp 兼容。
-// 二进制 Beacon：连接后先发送魔数 CSB1，随后使用与 HTTP Beacon 相同的 AES-GCM JSON 语义（成帧见 tcp_beacon_server.go）。
-// 每个新连接自动生成一个 implant_uuid（基于远端地址 + 启动时间 hash），登记为 c2_session；
-// 任务派发：使用同步 exec 模式 —— 收到 task 时直接 send 命令字节并读取输出（带结束标记）。
+// 默认仅接受加密 TCP Beacon：连接后先发送魔数 CSB1，再经 AES-GCM 解密且校验 ImplantToken 后才登记会话。
+// 可选经典模式（config.allow_legacy_shell=true）：纯交互式 raw shell，与 nc / bash -i >& /dev/tcp 兼容，无鉴权，仅建议内网实验。
+// 任务派发（经典模式）：同步 exec —— 收到 task 时直接 send 命令字节并读取输出（带结束标记）。
 type TCPReverseListener struct {
 	rec     *database.C2Listener
 	cfg     *ListenerConfig
@@ -122,12 +121,14 @@ func (l *TCPReverseListener) acceptLoop() {
 	}
 }

-// handleConn 一个连接=一个会话：先识别二进制 TCP Beacon（魔数 CSB1），否则走经典交互式 shell。
+// handleConn 先识别加密 TCP Beacon（魔数 CSB1 + AES-GCM + Token）；未通过则按配置拒绝或走经典 shell。
 func (l *TCPReverseListener) handleConn(conn net.Conn) {
 	br := bufio.NewReader(conn)
-	_ = conn.SetReadDeadline(time.Now().Add(20 * time.Second))
-	prefix, err := br.Peek(4)
-	if err == nil && len(prefix) == 4 && string(prefix) == tcpBeaconMagic {
+	remote := conn.RemoteAddr().String()
+
+	_ = conn.SetReadDeadline(time.Now().Add(tcpBeaconPeekTimeout))
+	prefix, peekErr := br.Peek(4)
+	if peekErr == nil && len(prefix) == 4 && string(prefix) == tcpBeaconMagic {
 		if _, err := br.Discard(4); err != nil {
 			_ = conn.Close()
 			return
@@ -136,14 +137,22 @@ func (l *TCPReverseListener) handleConn(conn net.Conn) {
 		l.handleTCPBeaconSession(conn, br)
 		return
 	}
+
+	if !l.cfg.AllowLegacyShell {
+		l.logger.Debug("tcp_reverse 拒绝未加密连接", zap.String("remote", remote))
+		_ = conn.Close()
+		return
+	}
+
 	_ = conn.SetReadDeadline(time.Time{})
 	l.handleShellConn(conn, br)
 }

-// handleShellConn 经典裸 TCP 反弹 shell（与 nc/bash /dev/tcp 兼容）。
+// handleShellConn 经典裸 TCP 反弹 shell（与 nc/bash /dev/tcp 兼容）；需监听器显式开启 allow_legacy_shell。
 func (l *TCPReverseListener) handleShellConn(conn net.Conn, br *bufio.Reader) {
 	remote := conn.RemoteAddr().String()
 	host, _, _ := net.SplitHostPort(remote)
+
 	// 用 listener+remote_ip 生成稳定 implant_uuid，使同一来源的重连复用同一会话
 	uuidSeed := fmt.Sprintf("%s|%s", l.rec.ID, host)
 	hash := sha256.Sum256([]byte(uuidSeed))
@@ -381,8 +381,10 @@ func (m *Manager) IngestCheckIn(listenerID string, req ImplantCheckInRequest) (*
 		Metadata:      req.Metadata,
 	}
 	if existing != nil {
-		// 保留原 ID/FirstSeenAt/Note，避免被覆盖
+		// 保留原 ID/FirstSeenAt/Note 与操作员设置的 sleep/jitter，避免被 beacon 心跳上报覆盖
 		session.FirstSeenAt = existing.FirstSeenAt
+		session.SleepSeconds = existing.SleepSeconds
+		session.JitterPercent = existing.JitterPercent
 		if session.Note == "" {
 			session.Note = existing.Note
 		}
@@ -413,6 +415,44 @@ func (m *Manager) IngestCheckIn(listenerID string, req ImplantCheckInRequest) (*
 	return session, nil
 }

+// SetSessionSleep 更新会话期望的心跳间隔，并向植入体下发 sleep 任务以尽快生效。
+func (m *Manager) SetSessionSleep(sessionID string, sleepSeconds, jitterPercent int) (*database.C2Task, error) {
+	if strings.TrimSpace(sessionID) == "" {
+		return nil, ErrInvalidInput
+	}
+	if sleepSeconds < 1 {
+		sleepSeconds = 1
+	}
+	if jitterPercent < 0 {
+		jitterPercent = 0
+	}
+	if jitterPercent > 100 {
+		jitterPercent = 100
+	}
+	if err := m.db.SetC2SessionSleep(sessionID, sleepSeconds, jitterPercent); err != nil {
+		return nil, err
+	}
+	task, err := m.EnqueueTask(EnqueueTaskInput{
+		SessionID: sessionID,
+		TaskType:  TaskTypeSleep,
+		Payload: map[string]interface{}{
+			"seconds": sleepSeconds,
+			"jitter":  jitterPercent,
+		},
+		Source: "manual",
+	})
+	if err != nil {
+		m.logger.Warn("sleep 任务入队失败", zap.Error(err), zap.String("session_id", sessionID))
+	}
+	m.publishEvent("info", "session", sessionID, "",
+		fmt.Sprintf("Sleep 已更新: %ds (抖动 %d%%)", sleepSeconds, jitterPercent),
+		map[string]interface{}{
+			"sleep_seconds":  sleepSeconds,
+			"jitter_percent": jitterPercent,
+		})
+	return task, nil
+}
+
 // MarkSessionDead 心跳超时检测器调用：标记会话为 dead
 func (m *Manager) MarkSessionDead(sessionID string) error {
 	if err := m.db.SetC2SessionStatus(sessionID, string(SessionDead)); err != nil {
@@ -0,0 +1,118 @@
+package c2
+
+import (
+	"path/filepath"
+	"testing"
+
+	"cyberstrike-ai/internal/database"
+
+	"go.uber.org/zap"
+)
+
+func TestIngestCheckIn_PreservesOperatorSleepOnHeartbeat(t *testing.T) {
+	tmp := t.TempDir()
+	db, err := database.NewDB(filepath.Join(tmp, "c2.sqlite"), zap.NewNop())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() { _ = db.Close() })
+
+	mgr := NewManager(db, zap.NewNop(), tmp)
+	ln, err := mgr.CreateListener(CreateListenerInput{
+		Name:     "t",
+		Type:     string(ListenerTypeHTTPBeacon),
+		BindHost: "127.0.0.1",
+		BindPort: 18080,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	first, err := mgr.IngestCheckIn(ln.ID, ImplantCheckInRequest{
+		ImplantUUID:   "implant-uuid-1",
+		Hostname:      "host1",
+		Username:      "user",
+		OS:            "darwin",
+		Arch:          "amd64",
+		SleepSeconds:  5,
+		JitterPercent: 0,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := db.SetC2SessionSleep(first.ID, 30, 20); err != nil {
+		t.Fatal(err)
+	}
+
+	second, err := mgr.IngestCheckIn(ln.ID, ImplantCheckInRequest{
+		ImplantUUID:   "implant-uuid-1",
+		Hostname:      "host1",
+		Username:      "user",
+		OS:            "darwin",
+		Arch:          "amd64",
+		SleepSeconds:  5,
+		JitterPercent: 0,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if second.SleepSeconds != 30 || second.JitterPercent != 20 {
+		t.Fatalf("expected sleep=30 jitter=20, got sleep=%d jitter=%d", second.SleepSeconds, second.JitterPercent)
+	}
+
+	stored, err := db.GetC2Session(first.ID)
+	if err != nil || stored == nil {
+		t.Fatal(err)
+	}
+	if stored.SleepSeconds != 30 || stored.JitterPercent != 20 {
+		t.Fatalf("db: expected sleep=30 jitter=20, got sleep=%d jitter=%d", stored.SleepSeconds, stored.JitterPercent)
+	}
+}
+
+func TestSetSessionSleep_UpdatesDBAndEnqueuesTask(t *testing.T) {
+	tmp := t.TempDir()
+	db, err := database.NewDB(filepath.Join(tmp, "c2.sqlite"), zap.NewNop())
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Cleanup(func() { _ = db.Close() })
+
+	mgr := NewManager(db, zap.NewNop(), tmp)
+	ln, err := mgr.CreateListener(CreateListenerInput{
+		Name:     "t2",
+		Type:     string(ListenerTypeHTTPBeacon),
+		BindHost: "127.0.0.1",
+		BindPort: 18081,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	sess, err := mgr.IngestCheckIn(ln.ID, ImplantCheckInRequest{
+		ImplantUUID:  "implant-uuid-2",
+		Hostname:     "host2",
+		Username:     "user",
+		OS:           "linux",
+		Arch:         "amd64",
+		SleepSeconds: 5,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	task, err := mgr.SetSessionSleep(sess.ID, 15, 10)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if task == nil || task.TaskType != string(TaskTypeSleep) {
+		t.Fatalf("expected sleep task, got %#v", task)
+	}
+
+	stored, err := db.GetC2Session(sess.ID)
+	if err != nil || stored == nil {
+		t.Fatal(err)
+	}
+	if stored.SleepSeconds != 15 || stored.JitterPercent != 10 {
+		t.Fatalf("expected sleep=15 jitter=10, got sleep=%d jitter=%d", stored.SleepSeconds, stored.JitterPercent)
+	}
+}
@@ -1,9 +1,12 @@
 package c2

 import (
+	"encoding/json"
 	"fmt"
 	"net/url"
 	"strings"
+
+	"cyberstrike-ai/internal/database"
 )

 // OnelinerKind 单行 payload 的语言/形式
@@ -79,6 +82,23 @@ type OnelinerInput struct {
 	ImplantToken string // HTTP Beacon 鉴权 token
 }

+// ValidateOnelinerForListener 校验 oneliner 与监听器配置是否匹配（如 tcp_reverse 默认要求加密 Beacon）。
+func ValidateOnelinerForListener(listener *database.C2Listener, kind OnelinerKind) error {
+	if listener == nil {
+		return fmt.Errorf("listener is nil")
+	}
+	if ListenerType(listener.Type) == ListenerTypeTCPReverse && tcpOnelinerKinds[kind] {
+		cfg := &ListenerConfig{}
+		if strings.TrimSpace(listener.ConfigJSON) != "" {
+			_ = json.Unmarshal([]byte(listener.ConfigJSON), cfg)
+		}
+		if !cfg.AllowLegacyShell {
+			return fmt.Errorf("监听器未开启 allow_legacy_shell：tcp_reverse 默认仅接受 CSB1 加密 Beacon（AES-GCM + Token）；请用 build 生成 beacon，或显式开启 allow_legacy_shell（公网不推荐）")
+		}
+	}
+	return nil
+}
+
 // GenerateOneliner 生成单行 payload。
 // 设计要点：
 //   - 不依赖目标机预装的可执行（除该 oneliner 关键的 bash/python/perl 等）；
@@ -23,6 +23,9 @@ import (
 // tcpBeaconMagic 二进制 Beacon 在反向 TCP 连接建立后首先发送的 4 字节，用于与经典 shell 反弹区分。
 const tcpBeaconMagic = "CSB1"

+// tcpBeaconPeekTimeout 等待 CSB1 魔数的探测窗口；合法 Beacon 连接后立即发送魔数。
+const tcpBeaconPeekTimeout = 2 * time.Second
+
 // tcpBeaconMaxFrame 单帧密文（base64 字符串）最大字节数，防止 OOM。
 const tcpBeaconMaxFrame = 64 << 20

@@ -141,6 +141,8 @@ type ListenerConfig struct {
 	MaxConcurrentTasks int `json:"max_concurrent_tasks,omitempty"`
 	// CallbackHost 植入端/Payload 使用的回连主机名（可选）；与 bind_host 分离，便于 NAT/ECS 等场景
 	CallbackHost string `json:"callback_host,omitempty"`
+	// AllowLegacyShell 为 true 时 tcp_reverse 允许未加密的经典 bash/nc 反弹 shell 登记会话（默认 false，公网部署强烈不建议开启）
+	AllowLegacyShell bool `json:"allow_legacy_shell,omitempty"`
 }

 // ApplyDefaults 对未填字段填默认值；调用方负责持久化时序列化新值
@@ -17,6 +17,9 @@ var ErrNoValidC2EventIDs = errors.New("no valid event ids")
 // ErrNoValidC2TaskIDs 批量删除任务时未提供任何合法 ID
 var ErrNoValidC2TaskIDs = errors.New("no valid task ids")

+// ErrNoValidC2SessionIDs 批量删除会话时未提供任何合法 ID
+var ErrNoValidC2SessionIDs = errors.New("no valid session ids")
+
 // validC2TextIDForDelete 校验 C2 文本主键（e_/t_/s_/… 等）用于批量删除入参
 func validC2TextIDForDelete(id string) bool {
 	if len(id) < 2 || len(id) > 80 {
@@ -473,6 +476,7 @@ type ListC2SessionsFilter struct {
 	Status     string // active|sleeping|dead|killed；空表示全部
 	OS         string
 	Search     string // 模糊匹配 hostname/username/internal_ip
+	Suspicious bool   // 疑似误报：离线且 hostname 为 tcp_* / 用户名为 unknown / PID 为 0
 	Limit      int    // 0 表示无限制
 }

@@ -497,6 +501,11 @@ func (db *DB) ListC2Sessions(filter ListC2SessionsFilter) ([]*C2Session, error)
 		kw := "%" + filter.Search + "%"
 		args = append(args, kw, kw, kw)
 	}
+	if filter.Suspicious {
+		conditions = append(conditions, `status = 'dead' AND (
+			hostname LIKE 'tcp_%' OR LOWER(COALESCE(username,'')) = 'unknown' OR COALESCE(pid, 0) = 0
+		)`)
+	}
 	query := `
 		SELECT id, listener_id, implant_uuid, COALESCE(hostname,''), COALESCE(username,''),
 			COALESCE(os,''), COALESCE(arch,''), COALESCE(pid, 0), COALESCE(process_name,''),
@@ -554,6 +563,44 @@ func (db *DB) DeleteC2Session(id string) error {
 	return nil
 }

+// DeleteC2SessionsByIDs 按主键批量删除会话
+func (db *DB) DeleteC2SessionsByIDs(ids []string) (int64, error) {
+	if len(ids) == 0 {
+		return 0, nil
+	}
+	const maxBatch = 500
+	if len(ids) > maxBatch {
+		ids = ids[:maxBatch]
+	}
+	clean := make([]string, 0, len(ids))
+	seen := make(map[string]struct{}, len(ids))
+	for _, id := range ids {
+		id = strings.TrimSpace(id)
+		if !validC2TextIDForDelete(id) {
+			continue
+		}
+		if _, ok := seen[id]; ok {
+			continue
+		}
+		seen[id] = struct{}{}
+		clean = append(clean, id)
+	}
+	if len(clean) == 0 {
+		return 0, ErrNoValidC2SessionIDs
+	}
+	placeholders := strings.Repeat("?,", len(clean)-1) + "?"
+	args := make([]interface{}, len(clean))
+	for i := range clean {
+		args[i] = clean[i]
+	}
+	query := `DELETE FROM c2_sessions WHERE id IN (` + placeholders + `)`
+	res, err := db.Exec(query, args...)
+	if err != nil {
+		return 0, err
+	}
+	return res.RowsAffected()
+}
+
 // ----------------------------------------------------------------------------
 // CRUD：C2 任务
 // ----------------------------------------------------------------------------
@@ -1,6 +1,7 @@
 package handler

 import (
+	"database/sql"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -277,6 +278,9 @@ func (h *C2Handler) ListSessions(c *gin.Context) {
 			filter.Limit = n
 		}
 	}
+	if c.Query("suspicious") == "1" || strings.EqualFold(c.Query("suspicious"), "true") {
+		filter.Suspicious = true
+	}

 	sessions, err := h.mgr().DB().ListC2Sessions(filter)
 	if err != nil {
@@ -324,7 +328,37 @@ func (h *C2Handler) DeleteSession(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"deleted": true})
 }

-// SetSessionSleep 设置会话的 sleep/jitter
+// DeleteSessions 批量删除会话（请求体 JSON: {"ids":["s_xxx",...]}）
+func (h *C2Handler) DeleteSessions(c *gin.Context) {
+	var req struct {
+		IDs []string `json:"ids"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid json: " + err.Error()})
+		return
+	}
+	if len(req.IDs) == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "ids is required"})
+		return
+	}
+	n, err := h.mgr().DB().DeleteC2SessionsByIDs(req.IDs)
+	if err != nil {
+		if errors.Is(err, database.ErrNoValidC2SessionIDs) {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
+	if h.audit != nil {
+		h.audit.RecordOK(c, "c2", "session_delete", "批量删除 C2 会话", "c2_session", "", map[string]interface{}{
+			"count": n, "ids": req.IDs,
+		})
+	}
+	c.JSON(http.StatusOK, gin.H{"deleted": n})
+}
+
+// SetSessionSleep 设置会话的 sleep/jitter，并下发 sleep 任务到植入体
 func (h *C2Handler) SetSessionSleep(c *gin.Context) {
 	id := c.Param("id")
 	var req struct {
@@ -335,12 +369,33 @@ func (h *C2Handler) SetSessionSleep(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
+	if req.SleepSeconds < 1 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "sleep_seconds must be >= 1"})
+		return
+	}
+	if req.JitterPercent < 0 || req.JitterPercent > 100 {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "jitter_percent must be 0-100"})
+		return
+	}

-	if err := h.mgr().DB().SetC2SessionSleep(id, req.SleepSeconds, req.JitterPercent); err != nil {
+	task, err := h.mgr().SetSessionSleep(id, req.SleepSeconds, req.JitterPercent)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			c.JSON(http.StatusNotFound, gin.H{"error": "session not found"})
+			return
+		}
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}
-	c.JSON(http.StatusOK, gin.H{"updated": true})
+	out := gin.H{
+		"updated":        true,
+		"sleep_seconds":  req.SleepSeconds,
+		"jitter_percent": req.JitterPercent,
+	}
+	if task != nil {
+		out["task_id"] = task.ID
+	}
+	c.JSON(http.StatusOK, out)
 }

 // ============================================================================
@@ -1068,6 +1068,80 @@ func (h *ConfigHandler) TestOpenAI(c *gin.Context) {
 	})
 }

+// ListModelsRequest 获取模型列表请求（OpenAI 兼容 GET /models）。
+type ListModelsRequest struct {
+	Provider string `json:"provider"`
+	BaseURL  string `json:"base_url"`
+	APIKey   string `json:"api_key"`
+}
+
+// ListModels 代理调用上游 GET /models，返回可用模型 id 列表。
+func (h *ConfigHandler) ListModels(c *gin.Context) {
+	var req ListModelsRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "无效的请求参数: " + err.Error()})
+		return
+	}
+
+	provider := strings.TrimSpace(req.Provider)
+	if provider == "" {
+		provider = "openai"
+	}
+	if strings.EqualFold(provider, "claude") {
+		c.JSON(http.StatusOK, gin.H{
+			"success":   false,
+			"supported": false,
+			"error":     "Claude (Anthropic Messages API) 不支持自动获取模型列表，请手动填写",
+		})
+		return
+	}
+
+	if strings.TrimSpace(req.APIKey) == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "API Key 不能为空"})
+		return
+	}
+
+	baseURL := strings.TrimSuffix(strings.TrimSpace(req.BaseURL), "/")
+	if baseURL == "" {
+		baseURL = "https://api.openai.com/v1"
+	}
+
+	tmpCfg := &config.OpenAIConfig{
+		Provider: provider,
+		BaseURL:  baseURL,
+		APIKey:   strings.TrimSpace(req.APIKey),
+	}
+	client := openai.NewClient(tmpCfg, nil, h.logger)
+
+	ctx, cancel := context.WithTimeout(c.Request.Context(), 30*time.Second)
+	defer cancel()
+
+	models, err := client.ListModels(ctx)
+	if err != nil {
+		if apiErr, ok := err.(*openai.APIError); ok {
+			c.JSON(http.StatusOK, gin.H{
+				"success":   false,
+				"supported": true,
+				"error":     fmt.Sprintf("API 返回错误 (HTTP %d): %s", apiErr.StatusCode, apiErr.Body),
+			})
+			return
+		}
+		c.JSON(http.StatusOK, gin.H{
+			"success":   false,
+			"supported": true,
+			"error":     err.Error(),
+		})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success":   true,
+		"supported": true,
+		"models":    models,
+		"count":     len(models),
+	})
+}
+
 // TestVisionRequest 测试 Vision 模型连接；vision.api_key/base_url 留空时可传 openai 段作回退。
 type TestVisionRequest struct {
 	Vision config.VisionConfig `json:"vision"`
@@ -5030,6 +5030,51 @@ func (h *OpenAPIHandler) GetOpenAPISpec(c *gin.Context) {
 					},
 				},
 			},
+			"/api/config/list-models": map[string]interface{}{
+				"post": map[string]interface{}{
+					"tags":        []string{"配置管理"},
+					"summary":     "获取模型列表",
+					"description": "代理调用 OpenAI 兼容 GET /models，返回可用模型 id 列表。Claude 不支持。",
+					"operationId": "listModels",
+					"requestBody": map[string]interface{}{
+						"required": true,
+						"content": map[string]interface{}{
+							"application/json": map[string]interface{}{
+								"schema": map[string]interface{}{
+									"type":     "object",
+									"required": []string{"api_key"},
+									"properties": map[string]interface{}{
+										"provider": map[string]interface{}{"type": "string", "description": "LLM提供商（openai/claude）", "example": "openai"},
+										"base_url": map[string]interface{}{"type": "string", "description": "API基地址（可选）"},
+										"api_key":  map[string]interface{}{"type": "string", "description": "API密钥"},
+									},
+								},
+							},
+						},
+					},
+					"responses": map[string]interface{}{
+						"200": map[string]interface{}{
+							"description": "获取结果",
+							"content": map[string]interface{}{
+								"application/json": map[string]interface{}{
+									"schema": map[string]interface{}{
+										"type": "object",
+										"properties": map[string]interface{}{
+											"success":   map[string]interface{}{"type": "boolean"},
+											"supported": map[string]interface{}{"type": "boolean"},
+											"error":     map[string]interface{}{"type": "string"},
+											"models":    map[string]interface{}{"type": "array", "items": map[string]interface{}{"type": "string"}},
+											"count":     map[string]interface{}{"type": "integer"},
+										},
+									},
+								},
+							},
+						},
+						"400": map[string]interface{}{"description": "参数错误"},
+						"401": map[string]interface{}{"description": "未授权"},
+					},
+				},
+			},

 			// ==================== 终端 ====================
 			"/api/terminal/run": map[string]interface{}{
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"sort"
 	"strings"
 	"time"
 	"unicode/utf8"
@@ -535,3 +536,81 @@ func (c *Client) ChatCompletionStreamWithToolCalls(

 	return full.String(), toolCalls, finishReason, nil
 }
+
+// ModelsListResponse 表示 OpenAI 兼容 GET /models 响应。
+type ModelsListResponse struct {
+	Object string `json:"object"`
+	Data   []struct {
+		ID      string `json:"id"`
+		Object  string `json:"object,omitempty"`
+		OwnedBy string `json:"owned_by,omitempty"`
+	} `json:"data"`
+}
+
+// ListModels 调用 GET {baseURL}/models 获取可用模型 id 列表（按字典序）。
+func (c *Client) ListModels(ctx context.Context) ([]string, error) {
+	if c == nil {
+		return nil, fmt.Errorf("openai client is not initialized")
+	}
+	if c.config == nil {
+		return nil, fmt.Errorf("openai config is nil")
+	}
+	if strings.TrimSpace(c.config.APIKey) == "" {
+		return nil, fmt.Errorf("openai api key is empty")
+	}
+	if c.isClaude() {
+		return nil, fmt.Errorf("claude provider does not support models list API")
+	}
+
+	baseURL := strings.TrimSuffix(c.config.BaseURL, "/")
+	if baseURL == "" {
+		baseURL = "https://api.openai.com/v1"
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, baseURL+"/models", nil)
+	if err != nil {
+		return nil, fmt.Errorf("build openai models request: %w", err)
+	}
+	req.Header.Set("Authorization", "Bearer "+c.config.APIKey)
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("call openai models api: %w", err)
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("read openai models response: %w", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		return nil, &APIError{
+			StatusCode: resp.StatusCode,
+			Body:       string(respBody),
+		}
+	}
+
+	var list ModelsListResponse
+	if err := json.Unmarshal(respBody, &list); err != nil {
+		return nil, fmt.Errorf("decode openai models response: %w", err)
+	}
+
+	seen := make(map[string]struct{}, len(list.Data))
+	models := make([]string, 0, len(list.Data))
+	for _, item := range list.Data {
+		id := strings.TrimSpace(item.ID)
+		if id == "" {
+			continue
+		}
+		if _, ok := seen[id]; ok {
+			continue
+		}
+		seen[id] = struct{}{}
+		models = append(models, id)
+	}
+	sort.Strings(models)
+	if len(models) == 0 {
+		return nil, fmt.Errorf("models list is empty")
+	}
+	return models, nil
+}
@@ -444,6 +444,18 @@ body {
    align-items: center;
 }

+.page-header-actions .btn-danger,
+.page-header-actions .btn-secondary,
+.page-header-actions .btn-primary {
+    padding: 7px 16px;
+    font-size: 0.875rem;
+    line-height: 1.25;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    box-sizing: border-box;
+}
+
 .page-content {
    flex: 1;
    overflow-y: auto;
@@ -1939,6 +1939,13 @@
    "openaiBaseUrlPlaceholder": "https://api.openai.com/v1",
    "openaiApiKeyPlaceholder": "Enter OpenAI API Key",
    "modelPlaceholder": "gpt-4",
+    "fetchModels": "Fetch list",
+    "modelsListFetching": "Fetching model list...",
+    "modelsListSelectPlaceholder": "Select a model",
+    "modelsListSuccess": "Loaded {count} models — use the dropdown on the right, or type in the input",
+    "modelsListFailed": "Failed to fetch model list",
+    "modelsListNeedApiKey": "Please enter API Key first",
+    "modelsListClaudeHint": "Claude does not support auto model list; enter the model name manually",
    "maxTotalTokens": "Max Context Tokens",
    "maxTotalTokensPlaceholder": "120000",
    "maxTotalTokensHint": "Shared by memory compression and attack chain building. Default: 120000",
@@ -2684,6 +2691,11 @@
  },
  "c2": {
    "clipboardCopied": "Copied to clipboard",
+    "common": {
+      "justNow": "Just now",
+      "minutesAgo": "{{n}}m ago",
+      "hoursAgo": "{{n}}h ago"
+    },
    "fmt": {
      "durationMs": "{{n}}ms",
      "durationSec": "{{n}}s",
@@ -2741,6 +2753,8 @@
      "bindHintExternal": "Use 0.0.0.0 to allow external access",
      "callbackHost": "Callback host (optional)",
      "callbackHostHint": "Public IP or hostname stored for payloads/beacons; separate from bind address. If empty, payload generation falls back to bind address / auto-detect.",
+      "allowLegacyShell": "Allow unencrypted classic reverse shell (lab only)",
+      "allowLegacyShellHint": "Off by default. When enabled, raw bash/nc TCP connections register sessions and are vulnerable to internet scanners; use encrypted Beacon builds for production.",
      "malleableProfile": "Malleable Profile",
      "malleableProfileHint": "Optional; HTTP/HTTPS Beacon response headers and traffic disguise. Stop and start the listener again for changes to take effect.",
      "malleableProfileNone": "None",
@@ -2818,10 +2832,22 @@
      "infoFirstSeen": "First seen",
      "infoLastCheckin": "Last check-in",
      "infoNote": "Note",
+      "infoNoteEmpty": "No notes",
+      "infoSectionIdentity": "Identity",
+      "infoSectionSystem": "System",
+      "infoSectionNetwork": "Network & beacon",
+      "infoSectionTimeline": "Timeline",
+      "infoSectionNote": "Notes",
      "adminYes": "Yes",
      "adminNo": "No",
      "promptSleepSeconds": "Sleep interval (seconds)",
      "promptJitterPercent": "Jitter percent (0–100)",
+      "sleepModalHint": "Saves to the server and queues a sleep task. The implant applies it on the next task poll; later check-ins keep this config.",
+      "sleepModalTitle": "Beacon interval",
+      "sleepModalCurrent": "Current {{sec}}s · jitter {{jitter}}%",
+      "sleepModalPreview": "Estimated {{min}} – {{max}} s",
+      "sleepModalPresets": "Presets",
+      "toastSleepInvalid": "Sleep interval must be at least 1 second",
      "toastSleepUpdated": "Sleep settings updated",
      "confirmExitSession": "Send exit command to this session?",
      "confirmDeleteSession": "Remove this session and related tasks/files from the server? (Does not send exit to the implant; use Kill Session to exit the agent.)",
@@ -2839,7 +2865,25 @@
      "termWaitFinish": "Please wait for the current command to finish",
      "termCtrlC": "Remote interrupt is not supported in this version",
      "termQueued": "[Command queued — will run after the current task completes]",
-      "clearTerminal": "Clear"
+      "clearTerminal": "Clear",
+      "batchDelete": "Delete selected",
+      "deleteFiltered": "Delete filtered",
+      "selectAll": "Select all",
+      "filterAllStatus": "All statuses",
+      "filterAllListeners": "All listeners",
+      "filterSearchPlaceholder": "Search hostname / user / IP",
+      "filterApply": "Filter",
+      "filterReset": "Reset",
+      "filterSuspicious": "Likely false positives",
+      "filterCount": "{{n}} total, {{selected}} selected",
+      "emptyFilter": "No sessions match the current filters",
+      "listEmpty": "No sessions",
+      "selectPromptTitle": "Select a session",
+      "selectPromptHint": "Click a session in the list on the left to view terminal, files, and tasks.",
+      "confirmBatchDelete": "Delete {{n}} selected session(s)? Related tasks and file records will be removed.",
+      "confirmDeleteFiltered": "Delete all {{n}} session(s) in the current filter results?",
+      "toastSelectFirst": "Select at least one session to delete",
+      "toastBatchDeleted": "Deleted {{n}} session(s)"
    },
    "tasks": {
      "title": "Task Management",
@@ -2862,6 +2906,8 @@
      "pending": "Pending",
      "emptyAll": "No tasks yet",
      "emptySession": "No tasks for this session",
+      "sessionTaskHistory": "Task history",
+      "sessionTaskCount": "{{n}} tasks",
      "colTask": "Task",
      "colSession": "Session",
      "colType": "Type",
@@ -1927,6 +1927,13 @@
    "openaiBaseUrlPlaceholder": "https://api.openai.com/v1",
    "openaiApiKeyPlaceholder": "输入OpenAI API Key",
    "modelPlaceholder": "gpt-4",
+    "fetchModels": "获取列表",
+    "modelsListFetching": "正在获取模型列表...",
+    "modelsListSelectPlaceholder": "请选择模型",
+    "modelsListSuccess": "已加载 {count} 个模型，请用右侧下拉框选择，或继续在左侧输入",
+    "modelsListFailed": "获取模型列表失败",
+    "modelsListNeedApiKey": "请先填写 API Key",
+    "modelsListClaudeHint": "Claude 不支持自动获取模型列表，请手动填写",
    "maxTotalTokens": "最大上下文 Token 数",
    "maxTotalTokensPlaceholder": "120000",
    "maxTotalTokensHint": "内存压缩和攻击链构建共用此配置，默认 120000",
@@ -2672,6 +2679,11 @@
  },
  "c2": {
    "clipboardCopied": "已复制到剪贴板",
+    "common": {
+      "justNow": "刚刚",
+      "minutesAgo": "{{n}} 分钟前",
+      "hoursAgo": "{{n}} 小时前"
+    },
    "fmt": {
      "durationMs": "{{n}}ms",
      "durationSec": "{{n}}秒",
@@ -2729,6 +2741,8 @@
      "bindHintExternal": "使用 0.0.0.0 允许外部访问",
      "callbackHost": "回连地址（可选）",
      "callbackHostHint": "公网 IP 或域名，写入配置供 Payload/Beacon 使用；与「绑定地址」分离。不填则生成 Payload 时按绑定地址或自动探测。",
+      "allowLegacyShell": "允许未加密经典反弹 Shell（内网实验）",
+      "allowLegacyShellHint": "默认关闭。开启后 bash/nc 等裸 TCP 连接可登记会话，公网易被扫描器误连；生产环境请使用「生成 Beacon」加密上线。",
      "malleableProfile": "Malleable Profile",
      "malleableProfileHint": "可选；用于 HTTP/HTTPS Beacon 服务端响应头等流量伪装。修改后需停止并重新启动监听器才会生效。",
      "malleableProfileNone": "不使用",
@@ -2806,10 +2820,22 @@
      "infoFirstSeen": "首次上线",
      "infoLastCheckin": "上次心跳",
      "infoNote": "备注",
+      "infoNoteEmpty": "暂无备注",
+      "infoSectionIdentity": "身份信息",
+      "infoSectionSystem": "系统环境",
+      "infoSectionNetwork": "网络与信标",
+      "infoSectionTimeline": "时间线",
+      "infoSectionNote": "备注",
      "adminYes": "是",
      "adminNo": "否",
      "promptSleepSeconds": "Sleep 间隔（秒）",
      "promptJitterPercent": "抖动百分比（0–100）",
+      "sleepModalHint": "保存后将写入服务端并下发 sleep 任务；植入体在下次拉取任务后生效，同时后续心跳会同步该配置。",
+      "sleepModalTitle": "心跳配置",
+      "sleepModalCurrent": "当前 {{sec}} 秒 · 抖动 {{jitter}}%",
+      "sleepModalPreview": "预计间隔 {{min}} – {{max}} 秒",
+      "sleepModalPresets": "快捷",
+      "toastSleepInvalid": "Sleep 间隔至少为 1 秒",
      "toastSleepUpdated": "Sleep 设置已更新",
      "confirmExitSession": "向该会话发送退出指令？",
      "confirmDeleteSession": "从服务器删除此会话及其关联任务与文件记录？（不会向植入体发送退出；若需退出目标进程请使用「终止会话」。）",
@@ -2827,7 +2853,25 @@
      "termWaitFinish": "请等待当前命令执行完成",
      "termCtrlC": "当前版本暂不支持中断远程命令",
      "termQueued": "[命令已加入队列，将在当前任务完成后执行]",
-      "clearTerminal": "清屏"
+      "clearTerminal": "清屏",
+      "batchDelete": "批量删除",
+      "deleteFiltered": "删除筛选结果",
+      "selectAll": "全选",
+      "filterAllStatus": "全部状态",
+      "filterAllListeners": "全部监听器",
+      "filterSearchPlaceholder": "搜索主机名 / 用户 / IP",
+      "filterApply": "筛选",
+      "filterReset": "重置",
+      "filterSuspicious": "疑似误报",
+      "filterCount": "共 {{n}} 条，已选 {{selected}}",
+      "emptyFilter": "没有符合筛选条件的会话",
+      "listEmpty": "暂无会话",
+      "selectPromptTitle": "选择会话",
+      "selectPromptHint": "在左侧列表中点击一个会话，查看终端、文件与任务详情。",
+      "confirmBatchDelete": "确定删除选中的 {{n}} 个会话？关联任务与文件记录将一并清除。",
+      "confirmDeleteFiltered": "确定删除当前筛选结果中的全部 {{n}} 个会话？",
+      "toastSelectFirst": "请先勾选要删除的会话",
+      "toastBatchDeleted": "已删除 {{n}} 个会话"
    },
    "tasks": {
      "title": "任务管理",
@@ -2850,6 +2894,8 @@
      "pending": "待处理",
      "emptyAll": "暂无任务",
      "emptySession": "该会话暂无任务",
+      "sessionTaskHistory": "任务历史",
+      "sessionTaskCount": "共 {{n}} 条",
      "colTask": "任务",
      "colSession": "会话",
      "colType": "类型",
@@ -299,6 +299,7 @@ async function loadConfig(loadTools = true) {
        }

        fillVisionConfigFromCurrent(currentConfig.vision || {});
+        initModelListControls();

        // 填充FOFA配置
        const fofa = currentConfig.fofa || {};
@@ -1569,9 +1570,214 @@ function syncVisionFormEnabled() {
    if (panel) {
        panel.style.opacity = enabled ? '1' : '0.55';
        panel.querySelectorAll('input, select, textarea, a').forEach(el => {
-            if (el.id === 'test-vision-btn') return;
+            if (el.id === 'test-vision-btn' || el.id === 'fetch-vision-models-btn' || el.id === 'vision-model-select') return;
            el.disabled = !enabled;
        });
+        syncModelListFetchButtons();
+    }
+}
+
+function initModelListControls() {
+    const providerEl = document.getElementById('openai-provider');
+    if (providerEl && !providerEl.dataset.modelListBound) {
+        providerEl.dataset.modelListBound = '1';
+        providerEl.addEventListener('change', syncModelListFetchButtons);
+    }
+    const visionProv = document.getElementById('vision-provider');
+    if (visionProv && !visionProv.dataset.modelListBound) {
+        visionProv.dataset.modelListBound = '1';
+        visionProv.addEventListener('change', syncModelListFetchButtons);
+    }
+    bindModelSelect('openai');
+    bindModelSelect('vision');
+    syncModelListFetchButtons();
+}
+
+function modelSelectIds(scope) {
+    if (scope === 'vision') {
+        return { selectId: 'vision-model-select', inputId: 'vision-model' };
+    }
+    return { selectId: 'openai-model-select', inputId: 'openai-model' };
+}
+
+function bindModelSelect(scope) {
+    const { selectId, inputId } = modelSelectIds(scope);
+    const select = document.getElementById(selectId);
+    if (!select || select.dataset.bound) return;
+    select.dataset.bound = '1';
+    select.addEventListener('change', function () {
+        if (!select.value) return;
+        const input = document.getElementById(inputId);
+        if (input) input.value = select.value;
+    });
+}
+
+function resolveModelListCredentials(scope) {
+    if (scope === 'vision') {
+        const vp = (document.getElementById('vision-provider')?.value || '').trim();
+        const provider = vp || document.getElementById('openai-provider')?.value || 'openai';
+        const baseUrl = (document.getElementById('vision-base-url')?.value || '').trim()
+            || (document.getElementById('openai-base-url')?.value || '').trim();
+        const apiKey = (document.getElementById('vision-api-key')?.value || '').trim()
+            || (document.getElementById('openai-api-key')?.value || '').trim();
+        return { provider, base_url: baseUrl, api_key: apiKey };
+    }
+    return {
+        provider: document.getElementById('openai-provider')?.value || 'openai',
+        base_url: (document.getElementById('openai-base-url')?.value || '').trim(),
+        api_key: (document.getElementById('openai-api-key')?.value || '').trim()
+    };
+}
+
+function syncModelListFetchButtons() {
+    const tFn = typeof window.t === 'function' ? window.t : (k) => k;
+    const openaiProv = document.getElementById('openai-provider')?.value || 'openai';
+    const openaiBtn = document.getElementById('fetch-openai-models-btn');
+    const openaiHint = document.getElementById('fetch-openai-models-hint');
+    const openaiSelect = document.getElementById('openai-model-select');
+    const isClaudeOpenai = openaiProv === 'claude';
+    if (openaiBtn) {
+        openaiBtn.style.display = isClaudeOpenai ? 'none' : '';
+    }
+    if (openaiSelect && isClaudeOpenai) {
+        openaiSelect.style.display = 'none';
+    }
+    if (openaiHint) {
+        if (isClaudeOpenai) {
+            openaiHint.textContent = tFn('settingsBasic.modelsListClaudeHint');
+            openaiHint.style.display = '';
+        } else {
+            openaiHint.textContent = '';
+            openaiHint.style.display = 'none';
+        }
+    }
+
+    const vp = (document.getElementById('vision-provider')?.value || '').trim();
+    const visionEffectiveProv = vp || openaiProv;
+    const visionBtn = document.getElementById('fetch-vision-models-btn');
+    const visionHint = document.getElementById('fetch-vision-models-hint');
+    const visionSelect = document.getElementById('vision-model-select');
+    const isClaudeVision = visionEffectiveProv === 'claude';
+    if (visionBtn) {
+        visionBtn.style.display = isClaudeVision ? 'none' : '';
+    }
+    if (visionSelect && isClaudeVision) {
+        visionSelect.style.display = 'none';
+    }
+    if (visionHint) {
+        if (isClaudeVision) {
+            visionHint.textContent = tFn('settingsBasic.modelsListClaudeHint');
+            visionHint.style.display = '';
+        } else {
+            visionHint.textContent = '';
+            visionHint.style.display = 'none';
+        }
+    }
+}
+
+function populateModelSelect(scope, models, currentValue) {
+    const { selectId, inputId } = modelSelectIds(scope);
+    const select = document.getElementById(selectId);
+    const input = document.getElementById(inputId);
+    if (!select) return;
+    const tFn = typeof window.t === 'function' ? window.t : (k) => k;
+    select.innerHTML = '';
+    const placeholder = document.createElement('option');
+    placeholder.value = '';
+    placeholder.disabled = true;
+    placeholder.textContent = tFn('settingsBasic.modelsListSelectPlaceholder');
+    select.appendChild(placeholder);
+
+    const seen = new Set();
+    const addOption = (id) => {
+        const val = (id || '').trim();
+        if (!val || seen.has(val)) return;
+        seen.add(val);
+        const opt = document.createElement('option');
+        opt.value = val;
+        opt.textContent = val;
+        select.appendChild(opt);
+    };
+    (models || []).forEach(addOption);
+    const cur = (currentValue || (input && input.value) || '').trim();
+    if (cur && seen.has(cur)) {
+        select.value = cur;
+    } else {
+        select.value = '';
+    }
+    select.style.display = select.options.length > 1 ? '' : 'none';
+}
+
+async function fetchModelList(scope) {
+    const tFn = typeof window.t === 'function' ? window.t : (k) => k;
+    const creds = resolveModelListCredentials(scope);
+    const btnId = scope === 'vision' ? 'fetch-vision-models-btn' : 'fetch-openai-models-btn';
+    const resultId = scope === 'vision' ? 'fetch-vision-models-result' : 'fetch-openai-models-result';
+    const inputId = scope === 'vision' ? 'vision-model' : 'openai-model';
+    const btn = document.getElementById(btnId);
+    const resultEl = document.getElementById(resultId);
+    const inputEl = document.getElementById(inputId);
+
+    if (creds.provider === 'claude') {
+        if (resultEl) {
+            resultEl.textContent = tFn('settingsBasic.modelsListClaudeHint');
+            resultEl.style.color = 'var(--text-muted, #718096)';
+        }
+        return;
+    }
+    if (!creds.api_key) {
+        if (resultEl) {
+            resultEl.textContent = tFn('settingsBasic.modelsListNeedApiKey');
+            resultEl.style.color = 'var(--error-color, #e53e3e)';
+        }
+        return;
+    }
+
+    if (btn) {
+        btn.style.pointerEvents = 'none';
+        btn.style.opacity = '0.5';
+    }
+    if (resultEl) {
+        resultEl.textContent = tFn('settingsBasic.modelsListFetching');
+        resultEl.style.color = 'var(--text-muted, #718096)';
+    }
+
+    try {
+        const response = await apiFetch('/api/config/list-models', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(creds)
+        });
+        const result = await response.json();
+        if (!response.ok) {
+            throw new Error(result.error || '请求失败');
+        }
+        if (!result.success) {
+            if (resultEl) {
+                resultEl.textContent = (result.supported === false
+                    ? tFn('settingsBasic.modelsListClaudeHint')
+                    : tFn('settingsBasic.modelsListFailed')) + ': ' + (result.error || '');
+                resultEl.style.color = 'var(--error-color, #e53e3e)';
+            }
+            return;
+        }
+        const currentValue = inputEl ? inputEl.value.trim() : '';
+        populateModelSelect(scope, result.models || [], currentValue);
+        if (resultEl) {
+            const count = result.count != null ? result.count : (result.models || []).length;
+            resultEl.textContent = tFn('settingsBasic.modelsListSuccess').replace('{count}', String(count));
+            resultEl.style.color = 'var(--success-color, #38a169)';
+        }
+    } catch (error) {
+        if (resultEl) {
+            resultEl.textContent = tFn('settingsBasic.modelsListFailed') + ': ' + error.message;
+            resultEl.style.color = 'var(--error-color, #e53e3e)';
+        }
+    } finally {
+        if (btn) {
+            btn.style.pointerEvents = '';
+            btn.style.opacity = '';
+        }
    }
 }

@@ -2035,12 +2035,17 @@
                    <div class="page-header">
                        <h2 data-i18n="c2.sessions.title">会话管理</h2>
                        <div class="page-header-actions">
+                            <button type="button" class="btn-danger" id="c2-sessions-batch-delete" disabled onclick="C2.deleteSelectedSessions()"><span data-i18n="c2.sessions.batchDelete">批量删除</span></button>
+                            <button type="button" class="btn-secondary" id="c2-sessions-delete-filtered" disabled onclick="C2.deleteFilteredSessions()"><span data-i18n="c2.sessions.deleteFiltered">删除筛选结果</span></button>
                            <button class="btn-secondary" onclick="C2.loadSessions()"><span data-i18n="common.refresh">刷新</span></button>
                        </div>
                    </div>
                    <div class="page-content" style="padding:0;">
                        <div class="c2-session-layout">
-                            <div id="c2-session-list" class="c2-session-sidebar"></div>
+                            <div class="c2-session-sidebar-wrap">
+                                <div id="c2-session-toolbar" class="c2-sessions-toolbar"></div>
+                                <div id="c2-session-list" class="c2-session-sidebar"></div>
+                            </div>
                            <div id="c2-session-main" class="c2-session-main"></div>
                        </div>
                    </div>
@@ -2408,7 +2413,15 @@
                                        </div>
                                        <div class="form-group">
                                            <label for="openai-model"><span data-i18n="settingsBasic.model">模型</span> <span style="color: red;">*</span></label>
-                                            <input type="text" id="openai-model" data-i18n="settingsBasic.modelPlaceholder" data-i18n-attr="placeholder" placeholder="gpt-4" required />
+                                            <div style="display: flex; gap: 8px; align-items: center; flex-wrap: wrap;">
+                                                <input type="text" id="openai-model" data-i18n="settingsBasic.modelPlaceholder" data-i18n-attr="placeholder" placeholder="gpt-4" required style="flex: 1; min-width: 140px;" />
+                                                <select id="openai-model-select" class="model-pick-select" style="display: none; min-width: 160px; max-width: 240px;" title="">
+                                                    <option value="" disabled data-i18n="settingsBasic.modelsListSelectPlaceholder">请选择模型</option>
+                                                </select>
+                                                <a href="javascript:void(0)" id="fetch-openai-models-btn" onclick="fetchModelList('openai')" style="font-size: 0.8125rem; color: var(--accent-color, #3182ce); text-decoration: none; cursor: pointer; user-select: none; white-space: nowrap;" data-i18n="settingsBasic.fetchModels">获取列表</a>
+                                            </div>
+                                            <small id="fetch-openai-models-hint" class="form-hint" style="display: none; font-size: 0.75rem; margin-top: 4px;"></small>
+                                            <span id="fetch-openai-models-result" style="font-size: 0.75rem; margin-top: 2px; display: block;"></span>
                                        </div>
                                        <div class="form-group">
                                            <label for="openai-max-total-tokens"><span data-i18n="settingsBasic.maxTotalTokens">最大上下文 Token 数</span></label>
@@ -2486,7 +2499,15 @@
                                            </div>
                                            <div class="form-group">
                                                <label for="vision-model"><span data-i18n="settingsBasic.visionModel">视觉模型</span> <span style="color: red;">*</span></label>
-                                                <input type="text" id="vision-model" data-i18n="settingsBasic.visionModelPlaceholder" data-i18n-attr="placeholder" placeholder="qwen-vl-max" />
+                                                <div style="display: flex; gap: 8px; align-items: center; flex-wrap: wrap;">
+                                                    <input type="text" id="vision-model" data-i18n="settingsBasic.visionModelPlaceholder" data-i18n-attr="placeholder" placeholder="qwen-vl-max" style="flex: 1; min-width: 140px;" />
+                                                    <select id="vision-model-select" class="model-pick-select" style="display: none; min-width: 160px; max-width: 240px;">
+                                                        <option value="" disabled data-i18n="settingsBasic.modelsListSelectPlaceholder">请选择模型</option>
+                                                    </select>
+                                                    <a href="javascript:void(0)" id="fetch-vision-models-btn" onclick="fetchModelList('vision')" style="font-size: 0.8125rem; color: var(--accent-color, #3182ce); text-decoration: none; cursor: pointer; user-select: none; white-space: nowrap;" data-i18n="settingsBasic.fetchModels">获取列表</a>
+                                                </div>
+                                                <small id="fetch-vision-models-hint" class="form-hint" style="display: none; font-size: 0.75rem; margin-top: 4px;"></small>
+                                                <span id="fetch-vision-models-result" style="font-size: 0.75rem; margin-top: 2px; display: block;"></span>
                                            </div>
                                            <details style="margin-top: 8px;">
                                                <summary style="cursor: pointer; font-size: 0.875rem; color: var(--accent-color, #3182ce);" data-i18n="settingsBasic.visionAdvanced">高级：预处理与限制</summary>
Author	SHA1	Message	Date
公明	8d622f63ff	Update version to v1.6.40 in config.yaml	2026-06-18 23:24:14 +08:00
公明	20b05146fb	Add files via upload	2026-06-18 23:23:48 +08:00
公明	d8768eae76	Add files via upload	2026-06-18 23:21:58 +08:00
公明	9232cee38d	Add files via upload	2026-06-18 23:20:39 +08:00
公明	6c975e63d2	Add files via upload	2026-06-18 23:19:09 +08:00
公明	e175523b82	Add files via upload	2026-06-18 23:17:30 +08:00
公明	ae23427d9e	Add files via upload	2026-06-18 21:53:20 +08:00
公明	93a2504ce3	Add files via upload	2026-06-18 21:52:36 +08:00
公明	09b0479fb3	Add files via upload	2026-06-18 21:50:44 +08:00
公明	2bdc9d4fe0	Add files via upload	2026-06-18 21:48:33 +08:00
公明	01b3d8056c	Add files via upload	2026-06-18 21:09:00 +08:00