@vitronai/alethia 0.3.7 → 0.3.9

package/demo/crypto-readiness.html

@@ -0,0 +1,237 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Post-Quantum Cryptographic Readiness Assessment</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body { font-family: 'SF Mono', 'Fira Code', monospace; background: #080c14; color: #c8d6e5; min-height: 100vh; padding: 1rem; font-size: 0.85rem; }
+    .header { display: flex; justify-content: space-between; align-items: center; border-bottom: 1px solid #1a2744; padding-bottom: 0.8rem; margin-bottom: 1rem; }
+    h1 { font-size: 1.1rem; color: #e2e8f0; }
+    .classification { background: #7f1d1d; color: #fca5a5; padding: 0.2rem 0.6rem; border-radius: 4px; font-size: 0.7rem; font-weight: 700; letter-spacing: 0.08em; }
+    .mandate-bar { padding: 0.6rem 1rem; border-radius: 6px; background: #111d30; border: 1px solid #3a8fd4; margin-bottom: 1rem; font-size: 0.8rem; color: #7eb8da; }
+    .mandate-bar strong { color: #00bfff; }
+    .grid { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; }
+    .panel { background: #0d1525; border: 1px solid #1a2744; border-radius: 8px; padding: 1rem; }
+    .panel h2 { font-size: 0.85rem; color: #7eb8da; margin-bottom: 0.8rem; text-transform: uppercase; letter-spacing: 0.08em; }
+    .full-width { grid-column: 1 / -1; }
+    .score-ring { display: flex; align-items: center; gap: 1.5rem; margin-bottom: 1rem; }
+    .score-value { font-size: 3rem; font-weight: 700; }
+    .score-good { color: #00cc66; }
+    .score-warn { color: #ffd700; }
+    .score-fail { color: #ff4444; }
+    .score-label { color: #5a7a9e; font-size: 0.9rem; }
+    .check-row { display: flex; justify-content: space-between; align-items: center; padding: 0.5rem 0; border-bottom: 1px solid #111d30; }
+    .check-pass { color: #00cc66; font-weight: 600; }
+    .check-fail { color: #ff4444; font-weight: 600; }
+    .check-warn { color: #ffd700; font-weight: 600; }
+    .check-detail { color: #5a7a9e; font-size: 0.75rem; }
+    .system-card { background: #111d30; border: 1px solid #1a2744; border-radius: 6px; padding: 0.8rem; margin-bottom: 0.5rem; }
+    .system-name { color: #e2e8f0; font-weight: 600; }
+    .system-status { display: inline-block; padding: 0.1rem 0.4rem; border-radius: 3px; font-size: 0.7rem; }
+    .pqc-ready { background: #001a0a; color: #00cc66; border: 1px solid #00cc66; }
+    .pqc-partial { background: #1a1400; color: #ffd700; border: 1px solid #ffd700; }
+    .pqc-vulnerable { background: #1a0808; color: #ff4444; border: 1px solid #ff4444; }
+    .algo-table { width: 100%; border-collapse: collapse; font-size: 0.78rem; }
+    .algo-table th { text-align: left; padding: 0.4rem; color: #5a7a9e; border-bottom: 1px solid #1a2744; font-size: 0.7rem; text-transform: uppercase; }
+    .algo-table td { padding: 0.4rem; border-bottom: 1px solid #111d30; }
+    .algo-deprecated { color: #ff4444; text-decoration: line-through; }
+    .algo-approved { color: #00cc66; }
+    .algo-transition { color: #ffd700; }
+    button { padding: 0.3rem 0.6rem; border-radius: 4px; border: 1px solid #1a2744; background: #111d30; color: #7eb8da; cursor: pointer; font: inherit; font-size: 0.72rem; }
+    .btn-migrate { border-color: #00bfff; color: #00bfff; }
+    .btn-revoke { border-color: #ff4444; color: #ff4444; }
+    .btn-audit { border-color: #00cc66; color: #00cc66; }
+    .actions { display: flex; gap: 0.4rem; margin-top: 0.5rem; }
+    .timeline-item { padding: 0.4rem 0; border-bottom: 1px solid #111d30; font-size: 0.78rem; }
+    .timeline-date { color: #5a7a9e; display: inline-block; min-width: 90px; }
+    .modal { display: none; position: fixed; inset: 0; background: rgba(0,0,0,0.8); z-index: 100; align-items: center; justify-content: center; }
+    .modal.visible { display: flex; }
+    .modal-content { background: #0d1525; border: 1px solid #ff4444; border-radius: 8px; padding: 1.5rem; max-width: 460px; }
+    .modal-content h3 { color: #ff4444; margin-bottom: 0.6rem; }
+    .modal-content p { color: #7eb8da; margin-bottom: 1rem; line-height: 1.6; font-size: 0.85rem; }
+    .modal-actions { display: flex; gap: 0.6rem; justify-content: flex-end; }
+    .response-banner { display: none; padding: 0.6rem 1rem; border-radius: 6px; margin-bottom: 1rem; font-weight: 600; font-size: 0.8rem; }
+    .response-banner.visible { display: block; }
+    .cert-card { background: #111d30; border: 1px solid #1a2744; border-radius: 6px; padding: 0.6rem; margin-bottom: 0.4rem; display: flex; justify-content: space-between; align-items: center; }
+    .cert-info { display: flex; flex-direction: column; gap: 0.1rem; }
+    .cert-cn { color: #e2e8f0; }
+    .cert-algo { font-size: 0.7rem; }
+    .cert-expiry { color: #5a7a9e; font-size: 0.7rem; }
+  </style>
+</head>
+<body>
+  <div class="header">
+    <div>
+      <h1>Post-Quantum Cryptographic Readiness</h1>
+      <span style="color:#5a7a9e;font-size:0.75rem">Assessment ID: PQC-2026-047 &bull; Scope: All production systems &bull; Assessor: crypto-team-lead</span>
+    </div>
+    <span class="classification">SECRET</span>
+  </div>
+
+  <div class="mandate-bar">
+    <strong>NSM-10 Compliance Deadline: January 2030</strong> — All national security systems must migrate to quantum-resistant cryptography. Current readiness: <strong style="color:#ffd700">62%</strong>
+  </div>
+
+  <div id="response-banner" class="response-banner"></div>
+
+  <div class="grid">
+    <div class="panel">
+      <h2>Overall Readiness Score</h2>
+      <div class="score-ring">
+        <span class="score-value score-warn">62%</span>
+        <div>
+          <div class="score-label">Post-Quantum Ready</div>
+          <div style="color:#5a7a9e;font-size:0.75rem;margin-top:0.3rem">
+            18 of 29 systems migrated<br>
+            4 systems in transition<br>
+            7 systems using deprecated algorithms
+          </div>
+        </div>
+      </div>
+      <div class="check-row"><span>ML-KEM (Kyber) key exchange</span><span class="check-pass">18 systems</span></div>
+      <div class="check-row"><span>ML-DSA (Dilithium) signatures</span><span class="check-warn">14 systems</span></div>
+      <div class="check-row"><span>SLH-DSA (SPHINCS+) backup</span><span class="check-fail">3 systems</span></div>
+      <div class="check-row"><span>Hybrid TLS 1.3 + PQC</span><span class="check-warn">9 systems</span></div>
+      <div class="check-row"><span>RSA-2048 still in use</span><span class="check-fail">7 systems — MUST MIGRATE</span></div>
+    </div>
+
+    <div class="panel">
+      <h2>System Inventory</h2>
+      <div class="system-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <span class="system-name">PKI Root CA</span>
+          <span class="system-status pqc-ready">PQC READY</span>
+        </div>
+        <div style="color:#5a7a9e;font-size:0.75rem;margin-top:0.2rem">ML-DSA-65 signatures, ML-KEM-768 key encapsulation</div>
+      </div>
+      <div class="system-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <span class="system-name">VPN Gateway Cluster</span>
+          <span class="system-status pqc-partial">HYBRID MODE</span>
+        </div>
+        <div style="color:#5a7a9e;font-size:0.75rem;margin-top:0.2rem">TLS 1.3 + ML-KEM hybrid, RSA fallback for legacy clients</div>
+      </div>
+      <div class="system-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <span class="system-name">Email Gateway (S/MIME)</span>
+          <span class="system-status pqc-vulnerable">VULNERABLE</span>
+        </div>
+        <div style="color:#5a7a9e;font-size:0.75rem;margin-top:0.2rem">RSA-2048 certificates — harvest-now-decrypt-later risk</div>
+        <div class="actions">
+          <button class="btn-migrate" id="migrate-email">Initiate Migration</button>
+          <button class="btn-revoke" id="revoke-email">Revoke RSA Certs</button>
+        </div>
+      </div>
+      <div class="system-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <span class="system-name">SCADA Control Network</span>
+          <span class="system-status pqc-vulnerable">VULNERABLE</span>
+        </div>
+        <div style="color:#5a7a9e;font-size:0.75rem;margin-top:0.2rem">Legacy ECDSA-P256 — no PQC path without firmware upgrade</div>
+        <div class="actions">
+          <button class="btn-audit" id="audit-scada">Full Audit</button>
+        </div>
+      </div>
+    </div>
+
+    <div class="panel">
+      <h2>Algorithm Inventory</h2>
+      <table class="algo-table">
+        <thead><tr><th>Algorithm</th><th>Usage</th><th>Status</th><th>Replacement</th></tr></thead>
+        <tbody>
+          <tr><td class="algo-deprecated">RSA-2048</td><td>7 systems</td><td class="check-fail">DEPRECATED</td><td>ML-DSA-65</td></tr>
+          <tr><td class="algo-deprecated">ECDSA P-256</td><td>4 systems</td><td class="check-fail">DEPRECATED</td><td>ML-DSA-44</td></tr>
+          <tr><td class="algo-transition">ECDH P-384</td><td>4 systems</td><td class="check-warn">TRANSITION</td><td>ML-KEM-768</td></tr>
+          <tr><td class="algo-approved">ML-KEM-768</td><td>18 systems</td><td class="check-pass">APPROVED</td><td>—</td></tr>
+          <tr><td class="algo-approved">ML-DSA-65</td><td>14 systems</td><td class="check-pass">APPROVED</td><td>—</td></tr>
+          <tr><td class="algo-approved">SLH-DSA-128s</td><td>3 systems</td><td class="check-pass">APPROVED</td><td>—</td></tr>
+        </tbody>
+      </table>
+    </div>
+
+    <div class="panel">
+      <h2>Certificates at Risk</h2>
+      <div class="cert-card">
+        <div class="cert-info">
+          <span class="cert-cn">CN=mail.agency.gov</span>
+          <span class="cert-algo algo-deprecated">RSA-2048 / SHA-256</span>
+          <span class="cert-expiry">Expires: 2027-03-15</span>
+        </div>
+        <button class="btn-revoke" id="revoke-mail">Revoke</button>
+      </div>
+      <div class="cert-card">
+        <div class="cert-info">
+          <span class="cert-cn">CN=vpn-legacy.agency.gov</span>
+          <span class="cert-algo algo-deprecated">RSA-2048 / SHA-256</span>
+          <span class="cert-expiry">Expires: 2026-11-30</span>
+        </div>
+        <button class="btn-revoke" id="revoke-vpn">Revoke</button>
+      </div>
+      <div class="cert-card">
+        <div class="cert-info">
+          <span class="cert-cn">CN=scada.internal</span>
+          <span class="cert-algo algo-deprecated">ECDSA P-256 / SHA-256</span>
+          <span class="cert-expiry">Expires: 2028-06-01</span>
+        </div>
+        <button class="btn-revoke" id="revoke-scada">Revoke</button>
+      </div>
+    </div>
+
+    <div class="panel full-width">
+      <h2>Migration Timeline</h2>
+      <div class="timeline-item"><span class="timeline-date">2026-Q1</span> <span class="check-pass">COMPLETE</span> — PKI Root CA migrated to ML-DSA-65</div>
+      <div class="timeline-item"><span class="timeline-date">2026-Q2</span> <span class="check-pass">COMPLETE</span> — VPN gateways upgraded to hybrid TLS 1.3 + ML-KEM</div>
+      <div class="timeline-item"><span class="timeline-date">2026-Q3</span> <span class="check-warn">IN PROGRESS</span> — Email gateway S/MIME migration to ML-DSA</div>
+      <div class="timeline-item"><span class="timeline-date">2027-Q1</span> <span style="color:#5a7a9e">PLANNED</span> — Legacy client RSA fallback removal</div>
+      <div class="timeline-item"><span class="timeline-date">2027-Q3</span> <span style="color:#5a7a9e">PLANNED</span> — SCADA firmware upgrade for PQC support</div>
+      <div class="timeline-item"><span class="timeline-date">2029-Q4</span> <span style="color:#5a7a9e">DEADLINE</span> — NSM-10 full compliance required</div>
+    </div>
+  </div>
+
+  <div id="action-modal" class="modal">
+    <div class="modal-content">
+      <h3 id="modal-title">Confirm Action</h3>
+      <p id="modal-text"></p>
+      <div class="modal-actions">
+        <button id="cancel-action" style="background:#111d30;color:#7eb8da;border-color:#1a2744">Cancel</button>
+        <button class="btn-revoke" id="confirm-action" style="font-weight:700">Confirm</button>
+      </div>
+    </div>
+  </div>
+
+  <script>
+    function showModal(title, text) {
+      document.getElementById('modal-title').textContent = title;
+      document.getElementById('modal-text').textContent = text;
+      document.getElementById('action-modal').classList.add('visible');
+    }
+    document.getElementById('cancel-action').addEventListener('click', function() {
+      document.getElementById('action-modal').classList.remove('visible');
+    });
+    document.getElementById('confirm-action').addEventListener('click', function() {
+      document.getElementById('action-modal').classList.remove('visible');
+      var banner = document.getElementById('response-banner');
+      banner.className = 'response-banner visible';
+      banner.style.background = '#001a0a';
+      banner.style.border = '1px solid #00cc66';
+      banner.style.color = '#00cc66';
+      banner.textContent = 'Action executed. Audit record created.';
+    });
+    document.getElementById('migrate-email').addEventListener('click', function() {
+      showModal('Initiate PQC Migration', 'This will begin the migration of the email gateway from RSA-2048 to ML-DSA-65 certificates. All existing S/MIME certificates will be re-issued. Users will need to re-enroll. Estimated downtime: 4 hours.');
+    });
+    document.getElementById('revoke-email').addEventListener('click', function() {
+      showModal('Revoke RSA Certificates', 'This will immediately revoke all RSA-2048 certificates for the email gateway. Email signing and encryption will be unavailable until PQC certificates are issued. This action is irreversible.');
+    });
+    document.getElementById('audit-scada').addEventListener('click', function() {
+      showModal('Full SCADA Cryptographic Audit', 'This will initiate a comprehensive audit of all cryptographic primitives used by the SCADA control network. The audit will scan firmware, certificates, key stores, and protocol configurations. Estimated duration: 6 hours.');
+    });
+    document.querySelectorAll('.btn-revoke').forEach(function(btn) {
+      if (btn.id === 'confirm-action') return;
+      btn.addEventListener('click', function() {
+        showModal('Revoke Certificate', 'This will immediately revoke this certificate and publish it to the CRL. Any systems relying on this certificate will lose TLS/authentication capability until a replacement is issued. This action is irreversible and requires CISO approval.');
+      });
+    });
+  </script>
+</body>
+</html>

package/demo/financial-dashboard.html

@@ -0,0 +1,97 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Trading Platform — Risk Monitor</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body { font-family: -apple-system, sans-serif; background: #0a0e17; color: #e2e8f0; min-height: 100vh; padding: 1.5rem; }
+    h1 { font-size: 1.4rem; margin-bottom: 0.3rem; }
+    .subtitle { color: #64748b; font-size: 0.85rem; margin-bottom: 1.5rem; }
+    .risk-banner { padding: 0.6rem 1rem; border-radius: 8px; margin-bottom: 1.5rem; font-weight: 600; }
+    .risk-low { background: #14532d; border: 1px solid #22c55e; color: #86efac; }
+    .risk-medium { background: #78350f; border: 1px solid #f59e0b; color: #fde68a; }
+    .risk-high { background: #7f1d1d; border: 1px solid #ef4444; color: #fca5a5; }
+    .metrics { display: grid; grid-template-columns: repeat(4, 1fr); gap: 1rem; margin-bottom: 1.5rem; }
+    .metric { background: #111827; border: 1px solid #1e293b; border-radius: 12px; padding: 1rem; }
+    .metric-label { color: #64748b; font-size: 0.8rem; margin-bottom: 0.3rem; }
+    .metric-value { font-size: 1.6rem; font-weight: 700; }
+    .metric-value.positive { color: #34d399; }
+    .metric-value.negative { color: #f87171; }
+    .metric-value.neutral { color: #3b82f6; }
+    .positions { background: #111827; border: 1px solid #1e293b; border-radius: 12px; padding: 1.2rem; margin-bottom: 1.5rem; }
+    .positions h2 { font-size: 1.1rem; margin-bottom: 0.8rem; }
+    table { width: 100%; border-collapse: collapse; font-size: 0.85rem; }
+    th { text-align: left; padding: 0.5rem; color: #64748b; border-bottom: 1px solid #1e293b; }
+    td { padding: 0.5rem; border-bottom: 1px solid #0f172a; }
+    .pnl-positive { color: #34d399; }
+    .pnl-negative { color: #f87171; }
+    .trade-actions { display: flex; gap: 1rem; margin-top: 1rem; }
+    .trade-btn { padding: 0.6rem 1.2rem; border-radius: 8px; border: none; font-weight: 600; cursor: pointer; font-size: 0.9rem; }
+    .btn-buy { background: #14532d; color: #86efac; }
+    .btn-sell { background: #7f1d1d; color: #fca5a5; }
+    .btn-liquidate { background: #991b1b; color: white; }
+    .compliance { background: #111827; border: 1px solid #1e293b; border-radius: 12px; padding: 1.2rem; }
+    .compliance h2 { font-size: 1.1rem; margin-bottom: 0.8rem; }
+    .check-item { display: flex; justify-content: space-between; padding: 0.4rem 0; border-bottom: 1px solid #0f172a; }
+    .check-pass { color: #34d399; }
+    .check-fail { color: #f87171; }
+    .check-warn { color: #fbbf24; }
+  </style>
+</head>
+<body>
+  <h1>Risk Monitor</h1>
+  <p class="subtitle">Live · Last update: 2 seconds ago · Market: NYSE · Session: Pre-market</p>
+
+  <div id="risk-banner" class="risk-banner risk-medium" role="alert">
+    RISK LEVEL: MEDIUM — Portfolio exposure approaching limit (82% of max)
+  </div>
+
+  <div class="metrics">
+    <div class="metric">
+      <div class="metric-label">Portfolio Value</div>
+      <div class="metric-value neutral">$4.2M</div>
+    </div>
+    <div class="metric">
+      <div class="metric-label">Day P&L</div>
+      <div class="metric-value positive">+$127,430</div>
+    </div>
+    <div class="metric">
+      <div class="metric-label">Open Positions</div>
+      <div class="metric-value neutral">14</div>
+    </div>
+    <div class="metric">
+      <div class="metric-label">Margin Used</div>
+      <div class="metric-value negative">82%</div>
+    </div>
+  </div>
+
+  <div class="positions">
+    <h2>Open Positions</h2>
+    <table>
+      <thead>
+        <tr><th>Symbol</th><th>Qty</th><th>Avg Cost</th><th>Current</th><th>P&L</th><th>Risk</th></tr>
+      </thead>
+      <tbody>
+        <tr><td>AAPL</td><td>5,000</td><td>$178.42</td><td>$182.15</td><td class="pnl-positive">+$18,650</td><td>Low</td></tr>
+        <tr><td>TSLA</td><td>2,000</td><td>$245.80</td><td>$238.20</td><td class="pnl-negative">-$15,200</td><td>Medium</td></tr>
+        <tr><td>NVDA</td><td>1,500</td><td>$890.00</td><td>$912.50</td><td class="pnl-positive">+$33,750</td><td>Low</td></tr>
+        <tr><td>GME</td><td>10,000</td><td>$28.40</td><td>$24.15</td><td class="pnl-negative">-$42,500</td><td>High</td></tr>
+      </tbody>
+    </table>
+    <div class="trade-actions">
+      <button class="trade-btn btn-buy" id="buy-btn">Buy</button>
+      <button class="trade-btn btn-sell" id="sell-btn">Sell Position</button>
+      <button class="trade-btn btn-liquidate" id="liquidate-btn">Liquidate All</button>
+    </div>
+  </div>
+
+  <div class="compliance">
+    <h2>Compliance Checks</h2>
+    <div class="check-item"><span>Position concentration limit (< 25%)</span><span class="check-pass">PASS</span></div>
+    <div class="check-item"><span>Margin requirement (< 85%)</span><span class="check-warn">WARNING — 82%</span></div>
+    <div class="check-item"><span>Daily loss limit (< $100K)</span><span class="check-pass">PASS</span></div>
+    <div class="check-item"><span>Restricted securities check</span><span class="check-pass">CLEAR</span></div>
+    <div class="check-item"><span>Pre-trade risk approval</span><span class="check-fail">REQUIRED for trades > $500K</span></div>
+  </div>
+</body>
+</html>

package/demo/incident-response.html

@@ -0,0 +1,267 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>SIEM — Incident Response Console</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body { font-family: 'SF Mono', 'Fira Code', monospace; background: #080c14; color: #c8d6e5; min-height: 100vh; padding: 1rem; font-size: 0.85rem; }
+    .header { display: flex; justify-content: space-between; align-items: center; border-bottom: 1px solid #1a2744; padding-bottom: 0.8rem; margin-bottom: 1rem; }
+    .header h1 { font-size: 1.1rem; color: #e2e8f0; font-weight: 600; }
+    .severity-critical { color: #ff4444; font-weight: 700; animation: pulse 1.5s ease-in-out infinite; }
+    @keyframes pulse { 0%, 100% { opacity: 1; } 50% { opacity: 0.5; } }
+    .severity-high { color: #ff8c00; }
+    .severity-medium { color: #ffd700; }
+    .severity-low { color: #00bfff; }
+    .status-bar { display: flex; gap: 2rem; color: #5a7a9e; font-size: 0.75rem; }
+    .grid { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; }
+    .panel { background: #0d1525; border: 1px solid #1a2744; border-radius: 8px; padding: 1rem; }
+    .panel h2 { font-size: 0.9rem; color: #7eb8da; margin-bottom: 0.8rem; text-transform: uppercase; letter-spacing: 0.08em; }
+    .alert-row { display: flex; justify-content: space-between; align-items: center; padding: 0.5rem 0; border-bottom: 1px solid #111d30; }
+    .alert-row:last-child { border-bottom: none; }
+    .alert-info { display: flex; flex-direction: column; gap: 0.15rem; }
+    .alert-id { color: #5a7a9e; font-size: 0.7rem; }
+    .alert-msg { color: #c8d6e5; }
+    .alert-source { color: #5a7a9e; font-size: 0.7rem; }
+    .actions { display: flex; gap: 0.4rem; }
+    button { padding: 0.3rem 0.6rem; border-radius: 4px; border: 1px solid #1a2744; background: #111d30; color: #7eb8da; cursor: pointer; font: inherit; font-size: 0.75rem; }
+    button:hover { border-color: #3a8fd4; }
+    .btn-acknowledge { border-color: #00bfff; color: #00bfff; }
+    .btn-escalate { border-color: #ff8c00; color: #ff8c00; }
+    .btn-isolate { border-color: #ff4444; color: #ff4444; }
+    .btn-quarantine { border-color: #ff4444; color: #ff4444; background: #1a0808; }
+    .log-feed { max-height: 200px; overflow-y: auto; font-size: 0.75rem; }
+    .log-entry { padding: 0.2rem 0; display: flex; gap: 0.6rem; }
+    .log-ts { color: #3a5570; min-width: 80px; }
+    .log-level-crit { color: #ff4444; }
+    .log-level-warn { color: #ffd700; }
+    .log-level-info { color: #00bfff; }
+    .ioc-list { list-style: none; }
+    .ioc-item { padding: 0.4rem 0; border-bottom: 1px solid #111d30; display: flex; justify-content: space-between; }
+    .ioc-value { color: #ff8c00; }
+    .ioc-type { color: #5a7a9e; font-size: 0.7rem; }
+    .timeline { list-style: none; position: relative; padding-left: 1.2rem; }
+    .timeline::before { content: ''; position: absolute; left: 4px; top: 0; bottom: 0; width: 1px; background: #1a2744; }
+    .timeline li { padding: 0.4rem 0; position: relative; }
+    .timeline li::before { content: ''; position: absolute; left: -1.2rem; top: 0.55rem; width: 8px; height: 8px; border-radius: 50%; background: #1a2744; border: 1px solid #3a5570; }
+    .timeline li.active::before { background: #ff4444; border-color: #ff4444; box-shadow: 0 0 6px #ff4444; }
+    .host-card { background: #111d30; border: 1px solid #1a2744; border-radius: 6px; padding: 0.6rem; margin-bottom: 0.5rem; }
+    .host-name { color: #e2e8f0; font-weight: 600; }
+    .host-ip { color: #5a7a9e; }
+    .host-status { display: inline-block; padding: 0.1rem 0.4rem; border-radius: 3px; font-size: 0.7rem; }
+    .host-compromised { background: #1a0808; color: #ff4444; border: 1px solid #ff4444; }
+    .host-at-risk { background: #1a1400; color: #ffd700; border: 1px solid #ffd700; }
+    .host-clean { background: #001a0a; color: #00cc66; border: 1px solid #00cc66; }
+    .modal { display: none; position: fixed; inset: 0; background: rgba(0,0,0,0.8); z-index: 100; align-items: center; justify-content: center; }
+    .modal.visible { display: flex; }
+    .modal-content { background: #0d1525; border: 1px solid #ff4444; border-radius: 8px; padding: 1.5rem; max-width: 420px; }
+    .modal-content h3 { color: #ff4444; margin-bottom: 0.6rem; }
+    .modal-content p { color: #7eb8da; margin-bottom: 1rem; font-size: 0.85rem; line-height: 1.5; }
+    .modal-actions { display: flex; gap: 0.6rem; justify-content: flex-end; }
+    .btn-cancel { background: #111d30; color: #7eb8da; }
+    .btn-confirm-isolate { background: #1a0808; border-color: #ff4444; color: #ff4444; font-weight: 700; }
+    .response-banner { display: none; padding: 0.6rem 1rem; border-radius: 6px; margin-bottom: 1rem; font-weight: 600; }
+    .response-banner.visible { display: block; }
+    .response-success { background: #001a0a; border: 1px solid #00cc66; color: #00cc66; }
+    .response-escalated { background: #1a1400; border: 1px solid #ffd700; color: #ffd700; }
+  </style>
+</head>
+<body>
+  <div class="header">
+    <div>
+      <h1>Incident Response Console</h1>
+      <div class="status-bar">
+        <span>Analyst: soc-analyst-4 &bull; Shift: Night</span>
+        <span>Active incidents: 3</span>
+        <span>Mean time to respond: 4m 12s</span>
+      </div>
+    </div>
+    <span class="severity-critical">CRITICAL INCIDENT ACTIVE</span>
+  </div>
+
+  <div id="response-banner" class="response-banner"></div>
+
+  <div class="grid">
+    <div class="panel">
+      <h2>Active Alerts</h2>
+      <div class="alert-row">
+        <div class="alert-info">
+          <span class="alert-id">INC-2026-0847</span>
+          <span class="alert-msg"><span class="severity-critical">CRITICAL</span> — Lateral movement detected: WORKSTATION-14 → DC-PRIMARY</span>
+          <span class="alert-source">Source: EDR &bull; MITRE: T1021.002</span>
+        </div>
+        <div class="actions">
+          <button class="btn-acknowledge" id="ack-847">Acknowledge</button>
+          <button class="btn-escalate" id="esc-847">Escalate</button>
+        </div>
+      </div>
+      <div class="alert-row">
+        <div class="alert-info">
+          <span class="alert-id">INC-2026-0848</span>
+          <span class="alert-msg"><span class="severity-high">HIGH</span> — Credential dump attempt: lsass.exe memory access</span>
+          <span class="alert-source">Source: EDR &bull; MITRE: T1003.001</span>
+        </div>
+        <div class="actions">
+          <button class="btn-acknowledge" id="ack-848">Acknowledge</button>
+        </div>
+      </div>
+      <div class="alert-row">
+        <div class="alert-info">
+          <span class="alert-id">INC-2026-0849</span>
+          <span class="alert-msg"><span class="severity-medium">MEDIUM</span> — Unusual outbound DNS: TXT queries to .xyz domain</span>
+          <span class="alert-source">Source: NDR &bull; MITRE: T1071.004</span>
+        </div>
+        <div class="actions">
+          <button class="btn-acknowledge" id="ack-849">Acknowledge</button>
+        </div>
+      </div>
+    </div>
+
+    <div class="panel">
+      <h2>Affected Hosts</h2>
+      <div class="host-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <div><span class="host-name">WORKSTATION-14</span> <span class="host-ip">10.0.4.14</span></div>
+          <span class="host-status host-compromised">COMPROMISED</span>
+        </div>
+        <div class="actions" style="margin-top:0.5rem">
+          <button class="btn-isolate" id="isolate-ws14">Isolate from Network</button>
+          <button class="btn-quarantine" id="quarantine-ws14">Quarantine &amp; Image</button>
+        </div>
+      </div>
+      <div class="host-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <div><span class="host-name">DC-PRIMARY</span> <span class="host-ip">10.0.1.1</span></div>
+          <span class="host-status host-at-risk">AT RISK</span>
+        </div>
+        <div class="actions" style="margin-top:0.5rem">
+          <button class="btn-isolate" id="isolate-dc">Isolate from Network</button>
+        </div>
+      </div>
+      <div class="host-card">
+        <div style="display:flex;justify-content:space-between;align-items:center">
+          <div><span class="host-name">FILE-SERVER-02</span> <span class="host-ip">10.0.2.8</span></div>
+          <span class="host-status host-clean">CLEAN</span>
+        </div>
+      </div>
+    </div>
+
+    <div class="panel">
+      <h2>Indicators of Compromise</h2>
+      <ul class="ioc-list">
+        <li class="ioc-item"><span class="ioc-value">185.220.101.42</span><span class="ioc-type">C2 IP</span></li>
+        <li class="ioc-item"><span class="ioc-value">evil-update.xyz</span><span class="ioc-type">C2 Domain</span></li>
+        <li class="ioc-item"><span class="ioc-value">a3f2b8c1...d94e</span><span class="ioc-type">Malware SHA-256</span></li>
+        <li class="ioc-item"><span class="ioc-value">svchost-update.exe</span><span class="ioc-type">Process Name</span></li>
+        <li class="ioc-item"><span class="ioc-value">HKLM\Software\MalRun</span><span class="ioc-type">Registry Key</span></li>
+      </ul>
+    </div>
+
+    <div class="panel">
+      <h2>Attack Timeline</h2>
+      <ul class="timeline">
+        <li>09:14:22 — Initial phishing email delivered to user jsmith</li>
+        <li>09:18:45 — Malicious attachment opened on WORKSTATION-14</li>
+        <li>09:19:02 — Payload executed: svchost-update.exe</li>
+        <li>09:22:18 — C2 beacon established to 185.220.101.42</li>
+        <li>09:34:11 — Credential dump: lsass.exe memory access</li>
+        <li class="active">09:41:33 — Lateral movement to DC-PRIMARY via SMB</li>
+        <li>09:42:07 — DNS exfiltration attempt to evil-update.xyz</li>
+      </ul>
+    </div>
+  </div>
+
+  <div class="panel" style="margin-top:1rem">
+    <h2>Live Event Feed</h2>
+    <div class="log-feed" id="log-feed">
+      <div class="log-entry"><span class="log-ts">09:42:07</span><span class="log-level-crit">CRIT</span> DNS exfiltration: TXT query to evil-update.xyz from 10.0.4.14</div>
+      <div class="log-entry"><span class="log-ts">09:41:33</span><span class="log-level-crit">CRIT</span> SMB lateral movement: 10.0.4.14 → 10.0.1.1 using stolen creds</div>
+      <div class="log-entry"><span class="log-ts">09:34:11</span><span class="log-level-warn">WARN</span> Credential access: lsass.exe memory read by svchost-update.exe</div>
+      <div class="log-entry"><span class="log-ts">09:22:18</span><span class="log-level-warn">WARN</span> C2 beacon: HTTPS POST to 185.220.101.42:443 every 30s</div>
+      <div class="log-entry"><span class="log-ts">09:19:02</span><span class="log-level-info">INFO</span> Process start: svchost-update.exe (PID 4892) on WORKSTATION-14</div>
+    </div>
+  </div>
+
+  <div id="isolate-modal" class="modal">
+    <div class="modal-content">
+      <h3>Confirm Network Isolation</h3>
+      <p id="isolate-modal-text">This will immediately sever all network connectivity for the target host. Active sessions will be terminated. This action is logged and requires SOC manager approval for reversal.</p>
+      <div class="modal-actions">
+        <button class="btn-cancel" id="cancel-isolate">Cancel</button>
+        <button class="btn-confirm-isolate" id="confirm-isolate">Confirm Isolation</button>
+      </div>
+    </div>
+  </div>
+
+  <script>
+    var isolateTarget = '';
+    document.getElementById('ack-847').addEventListener('click', function() {
+      this.textContent = 'Acknowledged';
+      this.disabled = true;
+      this.style.borderColor = '#00cc66';
+      this.style.color = '#00cc66';
+      addLog('INFO', 'INC-2026-0847 acknowledged by soc-analyst-4');
+    });
+    document.getElementById('ack-848').addEventListener('click', function() {
+      this.textContent = 'Acknowledged';
+      this.disabled = true;
+      this.style.borderColor = '#00cc66';
+      this.style.color = '#00cc66';
+      addLog('INFO', 'INC-2026-0848 acknowledged by soc-analyst-4');
+    });
+    document.getElementById('ack-849').addEventListener('click', function() {
+      this.textContent = 'Acknowledged';
+      this.disabled = true;
+      this.style.borderColor = '#00cc66';
+      this.style.color = '#00cc66';
+      addLog('INFO', 'INC-2026-0849 acknowledged by soc-analyst-4');
+    });
+    document.getElementById('esc-847').addEventListener('click', function() {
+      var banner = document.getElementById('response-banner');
+      banner.className = 'response-banner visible response-escalated';
+      banner.textContent = 'INC-2026-0847 escalated to SOC Manager. ETA: 2 minutes.';
+      this.textContent = 'Escalated';
+      this.disabled = true;
+      addLog('WARN', 'INC-2026-0847 escalated to SOC Manager by soc-analyst-4');
+    });
+    document.getElementById('isolate-ws14').addEventListener('click', function() {
+      isolateTarget = 'WORKSTATION-14';
+      document.getElementById('isolate-modal-text').textContent =
+        'This will immediately sever all network connectivity for WORKSTATION-14 (10.0.4.14). Active sessions will be terminated. This action is logged and requires SOC manager approval for reversal.';
+      document.getElementById('isolate-modal').classList.add('visible');
+    });
+    document.getElementById('isolate-dc').addEventListener('click', function() {
+      isolateTarget = 'DC-PRIMARY';
+      document.getElementById('isolate-modal-text').textContent =
+        'WARNING: Isolating DC-PRIMARY (10.0.1.1) will affect all Active Directory authentication. This will immediately sever all network connectivity. This action is logged and requires SOC manager approval for reversal.';
+      document.getElementById('isolate-modal').classList.add('visible');
+    });
+    document.getElementById('quarantine-ws14').addEventListener('click', function() {
+      isolateTarget = 'WORKSTATION-14';
+      document.getElementById('isolate-modal-text').textContent =
+        'This will isolate WORKSTATION-14, capture a forensic disk image, and quarantine the host for analysis. The host will be offline until forensic review is complete.';
+      document.getElementById('isolate-modal').classList.add('visible');
+    });
+    document.getElementById('cancel-isolate').addEventListener('click', function() {
+      document.getElementById('isolate-modal').classList.remove('visible');
+      addLog('INFO', 'Isolation cancelled for ' + isolateTarget);
+    });
+    document.getElementById('confirm-isolate').addEventListener('click', function() {
+      document.getElementById('isolate-modal').classList.remove('visible');
+      var banner = document.getElementById('response-banner');
+      banner.className = 'response-banner visible response-success';
+      banner.textContent = isolateTarget + ' isolated from network. Forensic imaging initiated.';
+      addLog('CRIT', isolateTarget + ' network isolation executed by soc-analyst-4');
+    });
+    function addLog(level, msg) {
+      var feed = document.getElementById('log-feed');
+      var entry = document.createElement('div');
+      entry.className = 'log-entry';
+      var now = new Date();
+      var ts = now.toTimeString().slice(0, 8);
+      var cls = level === 'CRIT' ? 'log-level-crit' : level === 'WARN' ? 'log-level-warn' : 'log-level-info';
+      entry.innerHTML = '<span class="log-ts">' + ts + '</span><span class="' + cls + '">' + level + '</span> ' + msg;
+      feed.insertBefore(entry, feed.firstChild);
+    }
+  </script>
+</body>
+</html>