aura-security 0.4.0

package/visualizer/index-minimal.html

@@ -0,0 +1,1771 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>aurasecurity</title>
+  <style>
+    @import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap');
+
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+
+    :root {
+      --bg-primary: #0d1117;
+      --bg-secondary: #161b22;
+      --bg-tertiary: #21262d;
+      --border: #30363d;
+      --border-light: #484f58;
+      --text-primary: #e6edf3;
+      --text-secondary: #8b949e;
+      --text-muted: #6e7681;
+      --accent: #58a6ff;
+      --accent-subtle: rgba(56, 139, 253, 0.15);
+      --critical: #f85149;
+      --critical-subtle: rgba(248, 81, 73, 0.15);
+      --high: #db6d28;
+      --high-subtle: rgba(219, 109, 40, 0.15);
+      --warning: #d29922;
+      --warning-subtle: rgba(210, 153, 34, 0.15);
+      --success: #3fb950;
+      --success-subtle: rgba(63, 185, 80, 0.15);
+    }
+
+    body {
+      background: var(--bg-primary);
+      font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
+      color: var(--text-primary);
+      overflow: hidden;
+      min-height: 100vh;
+    }
+
+    #canvas-container {
+      position: fixed;
+      top: 0;
+      left: 0;
+      width: 100%;
+      height: 100%;
+      z-index: 1;
+    }
+
+    /* 3D Hover Tooltip */
+    #tooltip3d {
+      position: fixed;
+      z-index: 200;
+      background: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 8px;
+      padding: 10px 14px;
+      pointer-events: none;
+      opacity: 0;
+      transition: opacity 0.15s;
+      max-width: 280px;
+    }
+
+    #tooltip3d.visible {
+      opacity: 1;
+    }
+
+    #tooltip3d .tooltip-name {
+      font-weight: 600;
+      color: var(--text-primary);
+      margin-bottom: 4px;
+      font-size: 13px;
+    }
+
+    #tooltip3d .tooltip-stats {
+      display: flex;
+      gap: 12px;
+      font-size: 12px;
+      color: var(--text-secondary);
+    }
+
+    #tooltip3d .tooltip-stat {
+      display: flex;
+      align-items: center;
+      gap: 4px;
+    }
+
+    #tooltip3d .tooltip-stat.critical { color: var(--critical); }
+    #tooltip3d .tooltip-stat.warning { color: var(--warning); }
+    #tooltip3d .tooltip-stat.safe { color: var(--success); }
+
+    #tooltip3d .tooltip-hint {
+      font-size: 11px;
+      color: var(--text-muted);
+      margin-top: 6px;
+      border-top: 1px solid var(--border);
+      padding-top: 6px;
+    }
+
+    /* 3D Navigation Breadcrumb */
+    #nav3d {
+      position: fixed;
+      bottom: 80px;
+      left: 50%;
+      transform: translateX(-50%);
+      z-index: 150;
+      background: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 8px;
+      padding: 8px 16px;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+      font-size: 13px;
+      opacity: 0;
+      transition: opacity 0.2s;
+      pointer-events: none;
+    }
+
+    #nav3d.visible {
+      opacity: 1;
+      pointer-events: auto;
+    }
+
+    #nav3d .nav-item {
+      color: var(--text-secondary);
+      cursor: pointer;
+      padding: 4px 8px;
+      border-radius: 4px;
+      transition: all 0.15s;
+    }
+
+    #nav3d .nav-item:hover {
+      background: var(--bg-tertiary);
+      color: var(--text-primary);
+    }
+
+    #nav3d .nav-item.active {
+      color: var(--accent);
+      font-weight: 500;
+    }
+
+    #nav3d .nav-sep {
+      color: var(--text-muted);
+    }
+
+    #nav3d .back-btn {
+      background: var(--bg-tertiary);
+      border: 1px solid var(--border);
+      color: var(--text-primary);
+      padding: 6px 12px;
+      border-radius: 4px;
+      cursor: pointer;
+      font-family: inherit;
+      font-size: 12px;
+      margin-right: 8px;
+      transition: all 0.15s;
+    }
+
+    #nav3d .back-btn:hover {
+      background: var(--accent);
+      border-color: var(--accent);
+    }
+
+    /* Panels */
+    .panel {
+      position: fixed;
+      z-index: 100;
+      background: var(--bg-secondary);
+      border: 1px solid var(--border);
+      border-radius: 8px;
+      padding: 16px;
+    }
+
+    /* Header */
+    #header {
+      top: 0;
+      left: 0;
+      right: 0;
+      height: 56px;
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      padding: 0 20px;
+      background: var(--bg-secondary);
+      border-radius: 0;
+      border-top: none;
+      border-left: none;
+      border-right: none;
+    }
+
+    .logo {
+      display: flex;
+      align-items: center;
+      gap: 10px;
+      font-size: 14px;
+      font-weight: 600;
+    }
+
+    .logo-icon {
+      width: 28px;
+      height: 28px;
+      background: var(--accent);
+      border-radius: 6px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      font-size: 14px;
+      font-weight: 600;
+      color: white;
+    }
+
+    .nav-tabs {
+      display: flex;
+      gap: 4px;
+      background: var(--bg-tertiary);
+      padding: 4px;
+      border-radius: 6px;
+    }
+
+    .nav-tab {
+      padding: 6px 16px;
+      background: transparent;
+      border: none;
+      color: var(--text-secondary);
+      font-family: inherit;
+      font-size: 13px;
+      font-weight: 500;
+      cursor: pointer;
+      transition: all 0.15s;
+      border-radius: 4px;
+    }
+
+    .nav-tab:hover {
+      color: var(--text-primary);
+      background: var(--bg-secondary);
+    }
+
+    .nav-tab.active {
+      background: var(--bg-secondary);
+      color: var(--text-primary);
+    }
+
+    .header-stats {
+      display: flex;
+      gap: 16px;
+      font-size: 13px;
+    }
+
+    .header-stat {
+      display: flex;
+      align-items: center;
+      gap: 6px;
+      color: var(--text-secondary);
+    }
+
+    .stat-value {
+      font-weight: 600;
+      color: var(--text-primary);
+    }
+
+    .stat-value.critical { color: var(--critical); }
+    .stat-value.warning { color: var(--warning); }
+
+    /* Left Panel - Scanner */
+    #scanner-panel {
+      top: 72px;
+      left: 16px;
+      width: 320px;
+      max-height: calc(100vh - 88px);
+      overflow-y: auto;
+    }
+
+    .section-header {
+      font-size: 12px;
+      font-weight: 600;
+      color: var(--text-secondary);
+      text-transform: uppercase;
+      letter-spacing: 0.5px;
+      margin-bottom: 12px;
+      padding-bottom: 8px;
+      border-bottom: 1px solid var(--border);
+    }
+
+    .input-group {
+      margin-bottom: 12px;
+    }
+
+    .input-group label {
+      display: block;
+      font-size: 12px;
+      font-weight: 500;
+      color: var(--text-secondary);
+      margin-bottom: 6px;
+    }
+
+    .input-group input {
+      width: 100%;
+      padding: 10px 12px;
+      background: var(--bg-primary);
+      border: 1px solid var(--border);
+      border-radius: 6px;
+      color: var(--text-primary);
+      font-family: inherit;
+      font-size: 13px;
+      transition: border-color 0.15s;
+    }
+
+    .input-group input:focus {
+      outline: none;
+      border-color: var(--accent);
+    }
+
+    .input-group input::placeholder {
+      color: var(--text-muted);
+    }
+
+    .btn {
+      width: 100%;
+      padding: 10px 16px;
+      background: var(--accent);
+      border: none;
+      border-radius: 6px;
+      color: white;
+      font-family: inherit;
+      font-size: 13px;
+      font-weight: 500;
+      cursor: pointer;
+      transition: all 0.15s;
+      margin-top: 8px;
+    }
+
+    .btn:hover {
+      background: #4c9aff;
+    }
+
+    .btn:disabled {
+      opacity: 0.6;
+      cursor: not-allowed;
+    }
+
+    .btn-secondary {
+      background: var(--bg-tertiary);
+      color: var(--text-primary);
+    }
+
+    .btn-secondary:hover {
+      background: var(--border);
+    }
+
+    .btn-danger {
+      background: var(--critical-subtle);
+      color: var(--critical);
+    }
+
+    .btn-danger:hover {
+      background: rgba(248, 81, 73, 0.25);
+    }
+
+    /* Scanned repos list */
+    .repo-list {
+      margin-top: 16px;
+    }
+
+    .repo-item {
+      display: flex;
+      align-items: center;
+      gap: 12px;
+      padding: 12px;
+      background: var(--bg-primary);
+      border: 1px solid var(--border);
+      border-radius: 6px;
+      margin-bottom: 8px;
+      cursor: pointer;
+      transition: all 0.15s;
+    }
+
+    .repo-item:hover {
+      border-color: var(--border-light);
+    }
+
+    .repo-item.selected {
+      border-color: var(--accent);
+      background: var(--accent-subtle);
+    }
+
+    .repo-status {
+      width: 8px;
+      height: 8px;
+      border-radius: 50%;
+      flex-shrink: 0;
+    }
+
+    .repo-status.critical { background: var(--critical); }
+    .repo-status.warning { background: var(--warning); }
+    .repo-status.safe { background: var(--success); }
+
+    .repo-info { flex: 1; min-width: 0; }
+    .repo-name { font-size: 13px; font-weight: 500; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+    .repo-path { font-size: 11px; color: var(--text-muted); margin-top: 2px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+    .repo-stats { font-size: 11px; color: var(--text-secondary); }
+
+    /* Right Panel - Details */
+    #details-panel {
+      top: 72px;
+      right: 16px;
+      width: 360px;
+      max-height: calc(100vh - 88px);
+      overflow-y: auto;
+    }
+
+    .selected-repo-header {
+      display: none;
+      padding: 12px;
+      background: var(--bg-primary);
+      border-radius: 6px;
+      margin-bottom: 16px;
+    }
+
+    .selected-repo-header.visible { display: block; }
+    .selected-repo-name { font-size: 14px; font-weight: 500; }
+    .selected-repo-path { font-size: 12px; color: var(--text-muted); margin-top: 4px; }
+
+    .finding-list {
+      display: flex;
+      flex-direction: column;
+      gap: 8px;
+    }
+
+    .finding-item {
+      padding: 12px;
+      background: var(--bg-primary);
+      border: 1px solid var(--border);
+      border-radius: 6px;
+      border-left: 3px solid;
+    }
+
+    .finding-item.critical { border-left-color: var(--critical); background: var(--critical-subtle); }
+    .finding-item.high { border-left-color: var(--high); background: var(--high-subtle); }
+    .finding-item.medium { border-left-color: var(--warning); background: var(--warning-subtle); }
+    .finding-item.low { border-left-color: var(--success); background: var(--success-subtle); }
+
+    .finding-header {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      margin-bottom: 6px;
+    }
+
+    .finding-severity {
+      font-size: 10px;
+      font-weight: 600;
+      text-transform: uppercase;
+      letter-spacing: 0.5px;
+    }
+
+    .finding-item.critical .finding-severity { color: var(--critical); }
+    .finding-item.high .finding-severity { color: var(--high); }
+    .finding-item.medium .finding-severity { color: var(--warning); }
+    .finding-item.low .finding-severity { color: var(--success); }
+
+    .finding-type {
+      font-size: 10px;
+      color: var(--text-muted);
+      background: var(--bg-tertiary);
+      padding: 2px 6px;
+      border-radius: 3px;
+    }
+
+    .finding-message {
+      font-size: 13px;
+      color: var(--text-primary);
+      margin-bottom: 6px;
+      line-height: 1.4;
+    }
+
+    .finding-file {
+      font-size: 11px;
+      color: var(--text-muted);
+      font-family: 'SF Mono', Monaco, monospace;
+    }
+
+    /* Reports Panel */
+    #reports-panel {
+      top: 72px;
+      left: 50%;
+      transform: translateX(-50%);
+      width: 900px;
+      max-width: calc(100% - 40px);
+      max-height: calc(100vh - 88px);
+      overflow-y: auto;
+      display: none;
+    }
+
+    #reports-panel.active { display: block; }
+
+    .report-actions {
+      display: flex;
+      gap: 8px;
+      margin-bottom: 16px;
+    }
+
+    .report-actions .btn {
+      width: auto;
+      padding: 8px 14px;
+    }
+
+    .report-table {
+      width: 100%;
+      border-collapse: collapse;
+      font-size: 13px;
+    }
+
+    .report-table th,
+    .report-table td {
+      padding: 12px;
+      text-align: left;
+      border-bottom: 1px solid var(--border);
+    }
+
+    .report-table th {
+      color: var(--text-secondary);
+      font-weight: 500;
+      font-size: 12px;
+    }
+
+    .report-table tr:hover td {
+      background: var(--bg-tertiary);
+    }
+
+    /* View Info */
+    #view-info {
+      bottom: 20px;
+      left: 50%;
+      transform: translateX(-50%);
+      padding: 8px 16px;
+      font-size: 12px;
+      text-align: center;
+      background: var(--bg-tertiary);
+      color: var(--text-secondary);
+      border-radius: 6px;
+    }
+
+    #view-info kbd {
+      background: var(--bg-secondary);
+      border: 1px solid var(--border);
+      padding: 2px 6px;
+      border-radius: 4px;
+      font-size: 11px;
+      color: var(--text-primary);
+    }
+
+    /* Empty state */
+    .empty-state {
+      text-align: center;
+      padding: 32px 16px;
+      color: var(--text-muted);
+    }
+
+    .empty-state-icon {
+      font-size: 32px;
+      margin-bottom: 8px;
+      opacity: 0.5;
+    }
+
+    .empty-state p {
+      font-size: 13px;
+    }
+
+    /* Log output */
+    .log-output {
+      background: var(--bg-primary);
+      border: 1px solid var(--border);
+      border-radius: 6px;
+      padding: 12px;
+      font-size: 12px;
+      font-family: 'SF Mono', Monaco, monospace;
+      max-height: 140px;
+      overflow-y: auto;
+      margin-top: 12px;
+    }
+
+    .log-line {
+      margin-bottom: 4px;
+      color: var(--text-secondary);
+    }
+
+    .log-line.success { color: var(--success); }
+    .log-line.error { color: var(--critical); }
+
+    /* Scrollbar */
+    ::-webkit-scrollbar { width: 8px; }
+    ::-webkit-scrollbar-track { background: transparent; }
+    ::-webkit-scrollbar-thumb { background: var(--border); border-radius: 4px; }
+    ::-webkit-scrollbar-thumb:hover { background: var(--border-light); }
+  </style>
+</head>
+<body>
+  <!-- Three.js 3D Canvas -->
+  <div id="canvas-container"></div>
+
+  <!-- 3D Hover Tooltip -->
+  <div id="tooltip3d">
+    <div class="tooltip-name"></div>
+    <div class="tooltip-stats">
+      <span class="tooltip-stat critical"><span class="count">0</span> Secrets</span>
+      <span class="tooltip-stat warning"><span class="count">0</span> Vulns</span>
+    </div>
+    <div class="tooltip-hint">Click to view findings in 3D</div>
+  </div>
+
+  <!-- 3D Navigation Breadcrumb -->
+  <div id="nav3d">
+    <button class="back-btn" onclick="navigateBack()">← Back</button>
+    <span class="nav-item" onclick="navigateToLevel(0)">All Repos</span>
+    <span class="nav-sep">/</span>
+    <span class="nav-item nav-repo"></span>
+    <span class="nav-sep nav-sev-sep" style="display:none">/</span>
+    <span class="nav-item nav-severity" style="display:none"></span>
+  </div>
+
+  <!-- Header -->
+  <header id="header" class="panel">
+    <div class="logo">
+      <div class="logo-icon">S</div>
+      <span>aurasecurity</span>
+    </div>
+
+    <div class="nav-tabs">
+      <button class="nav-tab active" onclick="showView('scan')">Scan</button>
+      <button class="nav-tab" onclick="showView('reports')">Reports</button>
+    </div>
+
+    <div class="header-stats">
+      <div class="header-stat">
+        <span class="stat-value critical" id="totalCritical">0</span>
+        <span>Secrets</span>
+      </div>
+      <div class="header-stat">
+        <span class="stat-value warning" id="totalWarning">0</span>
+        <span>Vulns</span>
+      </div>
+      <div class="header-stat">
+        <span class="stat-value" id="totalRepos">0</span>
+        <span>Scanned</span>
+      </div>
+    </div>
+  </header>
+
+  <!-- Scanner Panel (Left) -->
+  <div id="scanner-panel" class="panel">
+    <div class="section-header">New Scan</div>
+
+    <div class="input-group">
+      <label>Local Path</label>
+      <input type="text" id="scanPath" placeholder="/path/to/project">
+    </div>
+
+    <div class="input-group">
+      <label>Git Repository URL</label>
+      <input type="text" id="gitUrl" placeholder="https://github.com/user/repo">
+    </div>
+
+    <button class="btn" id="scanBtn" onclick="executeScan()">
+      Start Scan
+    </button>
+
+    <div class="log-output" id="logOutput">
+      <div class="log-line">Ready to scan</div>
+    </div>
+
+    <div class="section-header" style="margin-top: 20px;">Scanned Targets</div>
+
+    <div class="repo-list" id="repoList">
+      <div class="empty-state">
+        <div class="empty-state-icon">📁</div>
+        <p>No targets scanned yet</p>
+      </div>
+    </div>
+  </div>
+
+  <!-- Details Panel (Right) -->
+  <div id="details-panel" class="panel">
+    <div class="section-header">Findings</div>
+
+    <div class="selected-repo-header" id="selectedRepoInfo">
+      <div class="selected-repo-name" id="selectedRepoName">-</div>
+      <div class="selected-repo-path" id="selectedRepoPath">-</div>
+    </div>
+
+    <div class="finding-list" id="findingList">
+      <div class="empty-state">
+        <div class="empty-state-icon">🔍</div>
+        <p>Select a target to view findings</p>
+      </div>
+    </div>
+  </div>
+
+  <!-- Reports Panel (Center, hidden by default) -->
+  <div id="reports-panel" class="panel">
+    <div class="section-header">Scan Reports</div>
+
+    <div class="report-actions">
+      <button class="btn" onclick="exportReports('json')">Export JSON</button>
+      <button class="btn btn-secondary" onclick="exportReports('csv')">Export CSV</button>
+      <button class="btn btn-danger" onclick="clearAllReports()">Clear All</button>
+    </div>
+
+    <table class="report-table">
+      <thead>
+        <tr>
+          <th>Timestamp</th>
+          <th>Target</th>
+          <th>Type</th>
+          <th>Secrets</th>
+          <th>Vulns</th>
+          <th>Status</th>
+          <th>Actions</th>
+        </tr>
+      </thead>
+      <tbody id="reportTableBody">
+        <tr>
+          <td colspan="7" style="text-align: center; color: var(--text-muted);">No reports yet</td>
+        </tr>
+      </tbody>
+    </table>
+  </div>
+
+  <!-- View Info -->
+  <div id="view-info" class="panel">
+    <kbd>Drag</kbd> Rotate &nbsp; <kbd>Scroll</kbd> Zoom &nbsp; <kbd>Click</kbd> Select node
+  </div>
+
+  <!-- Scripts -->
+  <script type="importmap">
+    {
+      "imports": {
+        "three": "https://unpkg.com/three@0.160.0/build/three.module.js",
+        "three/addons/": "https://unpkg.com/three@0.160.0/examples/jsm/"
+      }
+    }
+  </script>
+
+  <script type="module">
+    import * as THREE from 'three';
+    import { OrbitControls } from 'three/addons/controls/OrbitControls.js';
+
+    // ========== STATE ==========
+    const state = {
+      repos: [],
+      selectedRepo: null,
+      reports: [],
+      currentView: 'scan',
+      drillLevel: 0,        // 0=repos, 1=severities, 2=findings
+      selectedSeverity: null // 'critical', 'high', 'medium', 'low'
+    };
+
+    // Auto-detect API URL: use localhost for local dev, same origin for deployed
+    const isLocal = window.location.hostname === '127.0.0.1' || window.location.hostname === 'localhost';
+    // Local: direct to port 3000, AWS: use nginx proxy on same origin
+    const AURA_URL = isLocal ? 'http://127.0.0.1:3000' : window.location.origin;
+
+    // ========== THREE.JS SETUP ==========
+    let scene, camera, renderer, controls;
+    let repoNodes = [];
+    let centralNode;
+    let raycaster, mouse;
+    let findingNodes = [];  // 3D nodes for vulnerabilities/secrets
+    let findingLines = [];  // Connection lines for findings
+    let hoveredNode = null; // Currently hovered repo node
+
+    function initScene() {
+      scene = new THREE.Scene();
+      scene.background = new THREE.Color(0x0d1117);
+
+      camera = new THREE.PerspectiveCamera(60, window.innerWidth / window.innerHeight, 0.1, 1000);
+      camera.position.set(0, 25, 45);
+
+      renderer = new THREE.WebGLRenderer({ antialias: true });
+      renderer.setSize(window.innerWidth, window.innerHeight);
+      document.getElementById('canvas-container').appendChild(renderer.domElement);
+
+      controls = new OrbitControls(camera, renderer.domElement);
+      controls.enableDamping = true;
+      controls.dampingFactor = 0.05;
+      controls.maxPolarAngle = Math.PI / 2.1;
+      controls.minDistance = 15;
+      controls.maxDistance = 80;
+
+      raycaster = new THREE.Raycaster();
+      mouse = new THREE.Vector2();
+
+      // Lights
+      const ambientLight = new THREE.AmbientLight(0x404040, 1);
+      scene.add(ambientLight);
+
+      const mainLight = new THREE.DirectionalLight(0xffffff, 0.8);
+      mainLight.position.set(10, 20, 10);
+      scene.add(mainLight);
+
+      const fillLight = new THREE.DirectionalLight(0x58a6ff, 0.3);
+      fillLight.position.set(-10, 10, -10);
+      scene.add(fillLight);
+
+      createGrid();
+      createCentralHub();
+
+      window.addEventListener('resize', onResize);
+      renderer.domElement.addEventListener('click', onMouseClick);
+      renderer.domElement.addEventListener('mousemove', onMouseMove);
+
+      animate();
+    }
+
+    function createGrid() {
+      const gridHelper = new THREE.GridHelper(60, 30, 0x30363d, 0x21262d);
+      scene.add(gridHelper);
+    }
+
+    function createCentralHub() {
+      const group = new THREE.Group();
+
+      // Core sphere
+      const coreGeom = new THREE.IcosahedronGeometry(2.5, 1);
+      const coreMat = new THREE.MeshPhongMaterial({
+        color: 0x58a6ff,
+        emissive: 0x58a6ff,
+        emissiveIntensity: 0.2,
+        flatShading: true
+      });
+      const core = new THREE.Mesh(coreGeom, coreMat);
+      group.add(core);
+
+      // Outer ring
+      const ringGeom = new THREE.TorusGeometry(4, 0.15, 8, 32);
+      const ringMat = new THREE.MeshBasicMaterial({
+        color: 0x58a6ff,
+        transparent: true,
+        opacity: 0.4
+      });
+      const ring = new THREE.Mesh(ringGeom, ringMat);
+      ring.rotation.x = Math.PI / 2;
+      group.add(ring);
+
+      group.position.y = 4;
+      centralNode = group;
+      scene.add(group);
+    }
+
+    function addRepoNode(repo) {
+      const existingNode = repoNodes.find(n => n.userData.repoId === repo.id);
+      if (existingNode) {
+        updateNodeColor(existingNode, repo);
+        return existingNode;
+      }
+
+      const group = new THREE.Group();
+
+      // Determine color based on threat level
+      let color = 0x3fb950; // success/safe
+      if (repo.secrets > 0 || repo.vulns > 10) color = 0xf85149; // critical
+      else if (repo.vulns > 0) color = 0xd29922; // warning
+
+      // Base platform
+      const baseGeom = new THREE.CylinderGeometry(1.8, 2, 0.3, 6);
+      const baseMat = new THREE.MeshPhongMaterial({
+        color: 0x21262d,
+        flatShading: true
+      });
+      const base = new THREE.Mesh(baseGeom, baseMat);
+      group.add(base);
+
+      // Main block
+      const blockGeom = new THREE.BoxGeometry(2, 2.5, 2);
+      const blockMat = new THREE.MeshPhongMaterial({
+        color: color,
+        flatShading: true
+      });
+      const block = new THREE.Mesh(blockGeom, blockMat);
+      block.position.y = 1.5;
+      group.add(block);
+
+      // Top indicator
+      const topGeom = new THREE.ConeGeometry(0.5, 0.8, 4);
+      const topMat = new THREE.MeshPhongMaterial({
+        color: color,
+        emissive: color,
+        emissiveIntensity: 0.3
+      });
+      const top = new THREE.Mesh(topGeom, topMat);
+      top.position.y = 3.2;
+      group.add(top);
+
+      // Position in circle
+      const angle = (repoNodes.length / 8) * Math.PI * 2;
+      const radius = 12 + Math.floor(repoNodes.length / 8) * 7;
+      group.position.set(
+        Math.cos(angle) * radius,
+        0,
+        Math.sin(angle) * radius
+      );
+
+      group.userData = {
+        repoId: repo.id,
+        repoName: repo.name,
+        color: color
+      };
+
+      // Connection line
+      const lineGeom = new THREE.BufferGeometry().setFromPoints([
+        group.position.clone().add(new THREE.Vector3(0, 1.5, 0)),
+        centralNode.position.clone()
+      ]);
+      const lineMat = new THREE.LineBasicMaterial({
+        color: color,
+        transparent: true,
+        opacity: 0.3
+      });
+      const line = new THREE.Line(lineGeom, lineMat);
+      scene.add(line);
+      group.userData.connectionLine = line;
+
+      repoNodes.push(group);
+      scene.add(group);
+
+      return group;
+    }
+
+    function updateNodeColor(node, repo) {
+      let color = 0x3fb950;
+      if (repo.secrets > 0 || repo.vulns > 10) color = 0xf85149;
+      else if (repo.vulns > 0) color = 0xd29922;
+
+      node.children.forEach((child, i) => {
+        if (i > 0 && child.material) {
+          child.material.color.setHex(color);
+          if (child.material.emissive) child.material.emissive.setHex(color);
+        }
+      });
+
+      if (node.userData.connectionLine) {
+        node.userData.connectionLine.material.color.setHex(color);
+      }
+
+      node.userData.color = color;
+    }
+
+    // Severity colors and labels
+    const SEVERITY_CONFIG = {
+      critical: { color: 0xf85149, label: 'Critical', icon: 'octahedron' },
+      high: { color: 0xdb6d28, label: 'High', icon: 'box' },
+      medium: { color: 0xd29922, label: 'Medium', icon: 'sphere' },
+      low: { color: 0x58a6ff, label: 'Low', icon: 'cone' }
+    };
+
+    // Clear all finding nodes from the scene
+    function clearFindingNodes() {
+      findingNodes.forEach(node => {
+        scene.remove(node);
+        if (node.geometry) node.geometry.dispose();
+        if (node.material) node.material.dispose();
+      });
+      findingNodes = [];
+
+      findingLines.forEach(line => {
+        scene.remove(line);
+        if (line.geometry) line.geometry.dispose();
+        if (line.material) line.material.dispose();
+      });
+      findingLines = [];
+    }
+
+    // Update navigation breadcrumb
+    function updateNav3D() {
+      const nav = document.getElementById('nav3d');
+      const repoName = document.querySelector('#nav3d .nav-repo');
+      const sevSep = document.querySelector('#nav3d .nav-sev-sep');
+      const sevName = document.querySelector('#nav3d .nav-severity');
+
+      if (state.drillLevel === 0) {
+        nav.classList.remove('visible');
+      } else {
+        nav.classList.add('visible');
+        const repo = state.repos.find(r => r.id === state.selectedRepo);
+        repoName.textContent = repo?.name || '';
+        repoName.classList.toggle('active', state.drillLevel === 1);
+
+        if (state.drillLevel === 2 && state.selectedSeverity) {
+          sevSep.style.display = 'inline';
+          sevName.style.display = 'inline';
+          sevName.textContent = SEVERITY_CONFIG[state.selectedSeverity]?.label || state.selectedSeverity;
+          sevName.classList.add('active');
+          repoName.classList.remove('active');
+        } else {
+          sevSep.style.display = 'none';
+          sevName.style.display = 'none';
+        }
+      }
+    }
+
+    // Navigate back one level
+    function navigateBack() {
+      if (state.drillLevel === 2) {
+        // Go back to severity view
+        state.drillLevel = 1;
+        state.selectedSeverity = null;
+        const repo = state.repos.find(r => r.id === state.selectedRepo);
+        const repoNode = repoNodes.find(n => n.userData.repoId === state.selectedRepo);
+        if (repo && repoNode) {
+          showSeverityNodes(repo, repoNode);
+        }
+      } else if (state.drillLevel === 1) {
+        // Go back to repo view
+        state.drillLevel = 0;
+        state.selectedRepo = null;
+        clearFindingNodes();
+        document.getElementById('selectedRepoInfo').classList.remove('visible');
+        repoNodes.forEach(node => node.scale.setScalar(1));
+      }
+      updateNav3D();
+    }
+    window.navigateBack = navigateBack;
+
+    // Navigate to specific level
+    function navigateToLevel(level) {
+      if (level === 0) {
+        state.drillLevel = 0;
+        state.selectedRepo = null;
+        state.selectedSeverity = null;
+        clearFindingNodes();
+        document.getElementById('selectedRepoInfo').classList.remove('visible');
+        repoNodes.forEach(node => node.scale.setScalar(1));
+      } else if (level === 1 && state.selectedRepo) {
+        state.drillLevel = 1;
+        state.selectedSeverity = null;
+        const repo = state.repos.find(r => r.id === state.selectedRepo);
+        const repoNode = repoNodes.find(n => n.userData.repoId === state.selectedRepo);
+        if (repo && repoNode) {
+          showSeverityNodes(repo, repoNode);
+        }
+      }
+      updateNav3D();
+    }
+    window.navigateToLevel = navigateToLevel;
+
+    // LEVEL 1: Show severity category nodes around a repo
+    function showSeverityNodes(repo, repoNode) {
+      clearFindingNodes();
+      state.drillLevel = 1;
+      updateNav3D();
+
+      if (!repo.findings || repo.findings.length === 0) return;
+
+      const repoPos = repoNode.position.clone();
+      repoPos.y += 2;
+
+      // Count findings by severity
+      const counts = { critical: 0, high: 0, medium: 0, low: 0 };
+      repo.findings.forEach(f => {
+        const sev = f.type === 'SECRET' ? 'critical' : (f.severity?.toLowerCase() || 'medium');
+        if (counts[sev] !== undefined) counts[sev]++;
+        else counts.medium++;
+      });
+
+      // Filter to only severities with findings
+      const severities = ['critical', 'high', 'medium', 'low'];
+      const activeSeverities = severities.filter(sev => counts[sev] > 0);
+      const radius = 6;
+
+      // Position nodes evenly based on how many we actually have
+      activeSeverities.forEach((sev, i) => {
+        const count = counts[sev];
+        const config = SEVERITY_CONFIG[sev];
+        // Distribute evenly around the circle based on active count
+        const angle = (i / activeSeverities.length) * Math.PI * 2 - Math.PI / 2;
+
+        // Create severity node based on icon type
+        let geom;
+        const size = 0.8 + Math.min(count / 10, 1) * 0.5; // Scale by count
+        switch (config.icon) {
+          case 'octahedron':
+            geom = new THREE.OctahedronGeometry(size, 0);
+            break;
+          case 'box':
+            geom = new THREE.BoxGeometry(size * 1.5, size * 1.5, size * 1.5);
+            break;
+          case 'cone':
+            geom = new THREE.ConeGeometry(size, size * 1.5, 6);
+            break;
+          default:
+            geom = new THREE.SphereGeometry(size, 12, 12);
+        }
+
+        const mat = new THREE.MeshPhongMaterial({
+          color: config.color,
+          emissive: config.color,
+          emissiveIntensity: 0.3,
+          flatShading: true
+        });
+
+        const mesh = new THREE.Mesh(geom, mat);
+        mesh.position.set(
+          repoPos.x + Math.cos(angle) * radius,
+          repoPos.y + 2,
+          repoPos.z + Math.sin(angle) * radius
+        );
+
+        mesh.userData = {
+          isSeverityNode: true,
+          severity: sev,
+          count: count,
+          label: `${config.label} (${count})`
+        };
+
+        scene.add(mesh);
+        findingNodes.push(mesh);
+
+        // Create connection line
+        const lineGeom = new THREE.BufferGeometry().setFromPoints([
+          mesh.position.clone(),
+          repoPos.clone().add(new THREE.Vector3(0, 1, 0))
+        ]);
+        const lineMat = new THREE.LineBasicMaterial({
+          color: config.color,
+          transparent: true,
+          opacity: 0.6
+        });
+        const line = new THREE.Line(lineGeom, lineMat);
+        scene.add(line);
+        findingLines.push(line);
+
+        // Add count label as sprite
+        const canvas = document.createElement('canvas');
+        canvas.width = 128;
+        canvas.height = 64;
+        const ctx = canvas.getContext('2d');
+        ctx.fillStyle = '#' + config.color.toString(16).padStart(6, '0');
+        ctx.font = 'bold 32px Inter, sans-serif';
+        ctx.textAlign = 'center';
+        ctx.fillText(count.toString(), 64, 40);
+
+        const texture = new THREE.CanvasTexture(canvas);
+        const spriteMat = new THREE.SpriteMaterial({ map: texture, transparent: true });
+        const sprite = new THREE.Sprite(spriteMat);
+        sprite.position.copy(mesh.position);
+        sprite.position.y += 1.5;
+        sprite.scale.set(2, 1, 1);
+        scene.add(sprite);
+        findingNodes.push(sprite);
+      });
+    }
+
+    // LEVEL 2: Show individual findings for a severity
+    function showFindingsForSeverity(repo, repoNode, severity) {
+      clearFindingNodes();
+      state.drillLevel = 2;
+      state.selectedSeverity = severity;
+      updateNav3D();
+
+      const repoPos = repoNode.position.clone();
+      repoPos.y += 2;
+
+      // Filter findings by severity
+      const findings = repo.findings.filter(f => {
+        const fSev = f.type === 'SECRET' ? 'critical' : (f.severity?.toLowerCase() || 'medium');
+        return fSev === severity;
+      }).slice(0, 25); // Limit for performance
+
+      const config = SEVERITY_CONFIG[severity];
+      const radius = 5;
+
+      findings.forEach((finding, i) => {
+        const angle = (i / findings.length) * Math.PI * 2;
+        const yOffset = Math.sin(i * 0.5) * 2;
+
+        // Create finding node
+        const size = 0.35;
+        const geom = finding.type === 'SECRET'
+          ? new THREE.OctahedronGeometry(size, 0)
+          : new THREE.SphereGeometry(size, 8, 8);
+        const mat = new THREE.MeshPhongMaterial({
+          color: config.color,
+          emissive: config.color,
+          emissiveIntensity: 0.5,
+          flatShading: true
+        });
+
+        const mesh = new THREE.Mesh(geom, mat);
+        mesh.position.set(
+          repoPos.x + Math.cos(angle) * radius,
+          repoPos.y + yOffset + 2,
+          repoPos.z + Math.sin(angle) * radius
+        );
+
+        mesh.userData = {
+          isFindingNode: true,
+          finding: finding
+        };
+
+        scene.add(mesh);
+        findingNodes.push(mesh);
+
+        // Create connection line
+        const lineGeom = new THREE.BufferGeometry().setFromPoints([
+          mesh.position.clone(),
+          repoPos.clone().add(new THREE.Vector3(0, 1.5, 0))
+        ]);
+        const lineMat = new THREE.LineBasicMaterial({
+          color: config.color,
+          transparent: true,
+          opacity: 0.4
+        });
+        const line = new THREE.Line(lineGeom, lineMat);
+        scene.add(line);
+        findingLines.push(line);
+      });
+
+      // Create central severity indicator
+      const centralGeom = new THREE.TorusGeometry(2, 0.2, 8, 24);
+      const centralMat = new THREE.MeshPhongMaterial({
+        color: config.color,
+        emissive: config.color,
+        emissiveIntensity: 0.3
+      });
+      const centralRing = new THREE.Mesh(centralGeom, centralMat);
+      centralRing.position.copy(repoPos);
+      centralRing.position.y += 2;
+      centralRing.rotation.x = Math.PI / 2;
+      scene.add(centralRing);
+      findingNodes.push(centralRing);
+    }
+
+    function animate() {
+      requestAnimationFrame(animate);
+
+      const time = Date.now() * 0.001;
+
+      // Gentle rotation of central hub
+      if (centralNode) {
+        centralNode.children[0].rotation.y += 0.003;
+        centralNode.children[1].rotation.z += 0.005;
+      }
+
+      // Subtle float for repo nodes
+      repoNodes.forEach((node, i) => {
+        node.position.y = Math.sin(time * 0.5 + i) * 0.15;
+      });
+
+      // Animate finding nodes - gentle orbit and pulse
+      findingNodes.forEach((node, i) => {
+        node.rotation.y += 0.02;
+        node.rotation.x += 0.01;
+        // Pulse effect
+        const scale = 1 + Math.sin(time * 3 + i) * 0.1;
+        node.scale.setScalar(scale);
+      });
+
+      controls.update();
+      renderer.render(scene, camera);
+    }
+
+    function onResize() {
+      camera.aspect = window.innerWidth / window.innerHeight;
+      camera.updateProjectionMatrix();
+      renderer.setSize(window.innerWidth, window.innerHeight);
+    }
+
+    function onMouseMove(event) {
+      mouse.x = (event.clientX / window.innerWidth) * 2 - 1;
+      mouse.y = -(event.clientY / window.innerHeight) * 2 + 1;
+
+      raycaster.setFromCamera(mouse, camera);
+
+      // Check for intersections with finding nodes first, then repo nodes
+      const allClickables = [...findingNodes.filter(n => n.userData.isSeverityNode || n.userData.isFindingNode), ...repoNodes];
+      const intersects = raycaster.intersectObjects(allClickables, true);
+
+      const tooltip = document.getElementById('tooltip3d');
+
+      if (intersects.length > 0) {
+        document.body.style.cursor = 'pointer';
+        let target = intersects[0].object;
+
+        // Check if it's a severity node
+        if (target.userData.isSeverityNode) {
+          tooltip.querySelector('.tooltip-name').textContent = target.userData.label;
+          tooltip.querySelector('.tooltip-stats').innerHTML = `
+            <span class="tooltip-stat">Click to view findings</span>
+          `;
+          tooltip.querySelector('.tooltip-hint').textContent = 'Drill down into ' + target.userData.label;
+          tooltip.style.left = (event.clientX + 15) + 'px';
+          tooltip.style.top = (event.clientY + 15) + 'px';
+          tooltip.classList.add('visible');
+          return;
+        }
+
+        // Check if it's a finding node
+        if (target.userData.isFindingNode) {
+          const f = target.userData.finding;
+          tooltip.querySelector('.tooltip-name').textContent = f.message || f.type;
+          tooltip.querySelector('.tooltip-stats').innerHTML = `
+            <span class="tooltip-stat">${f.type}</span>
+          `;
+          tooltip.querySelector('.tooltip-hint').textContent = f.file ? f.file + (f.line ? ':' + f.line : '') : '';
+          tooltip.style.left = (event.clientX + 15) + 'px';
+          tooltip.style.top = (event.clientY + 15) + 'px';
+          tooltip.classList.add('visible');
+          return;
+        }
+
+        // Find the repo node group
+        while (target.parent && !target.userData.repoId) {
+          target = target.parent;
+        }
+
+        if (target.userData.repoId && target !== hoveredNode) {
+          hoveredNode = target;
+          const repo = state.repos.find(r => r.id === target.userData.repoId);
+
+          if (repo) {
+            // Update tooltip content
+            tooltip.querySelector('.tooltip-name').textContent = repo.name;
+            tooltip.querySelector('.tooltip-stats').innerHTML = `
+              <span class="tooltip-stat critical"><span class="count">${repo.secrets}</span> Secrets</span>
+              <span class="tooltip-stat warning"><span class="count">${repo.vulns}</span> Vulns</span>
+            `;
+            tooltip.querySelector('.tooltip-hint').textContent = 'Click to view severity breakdown';
+
+            // Update colors based on status
+            const critStat = tooltip.querySelector('.tooltip-stat.critical');
+            const warnStat = tooltip.querySelector('.tooltip-stat.warning');
+            if (critStat) critStat.style.color = repo.secrets > 0 ? 'var(--critical)' : 'var(--text-muted)';
+            if (warnStat) warnStat.style.color = repo.vulns > 0 ? 'var(--warning)' : 'var(--text-muted)';
+          }
+        }
+
+        // Position tooltip near cursor
+        tooltip.style.left = (event.clientX + 15) + 'px';
+        tooltip.style.top = (event.clientY + 15) + 'px';
+        tooltip.classList.add('visible');
+
+      } else {
+        document.body.style.cursor = 'default';
+        tooltip.classList.remove('visible');
+        hoveredNode = null;
+      }
+    }
+
+    function onMouseClick(event) {
+      raycaster.setFromCamera(mouse, camera);
+
+      // Check for intersections with finding nodes first, then repo nodes
+      const allClickables = [...findingNodes.filter(n => n.userData.isSeverityNode), ...repoNodes];
+      const intersects = raycaster.intersectObjects(allClickables, true);
+
+      if (intersects.length > 0) {
+        let target = intersects[0].object;
+
+        // Check if clicking a severity node (drill down to findings)
+        if (target.userData.isSeverityNode) {
+          const repo = state.repos.find(r => r.id === state.selectedRepo);
+          const repoNode = repoNodes.find(n => n.userData.repoId === state.selectedRepo);
+          if (repo && repoNode) {
+            showFindingsForSeverity(repo, repoNode, target.userData.severity);
+          }
+          return;
+        }
+
+        // Otherwise, find the repo node group
+        while (target.parent && !target.userData.repoId) {
+          target = target.parent;
+        }
+        if (target.userData.repoId) {
+          selectRepo(target.userData.repoId);
+        }
+      }
+    }
+
+    // ========== UI FUNCTIONS ==========
+    function showView(view) {
+      state.currentView = view;
+      document.querySelectorAll('.nav-tab').forEach(t => t.classList.remove('active'));
+      event.target.classList.add('active');
+
+      document.getElementById('scanner-panel').style.display = view === 'scan' ? 'block' : 'none';
+      document.getElementById('details-panel').style.display = view === 'scan' ? 'block' : 'none';
+      document.getElementById('reports-panel').classList.toggle('active', view === 'reports');
+      document.getElementById('view-info').style.display = view === 'scan' ? 'block' : 'none';
+
+      if (view === 'reports') updateReportsTable();
+    }
+    window.showView = showView;
+
+    function log(message, type = 'info') {
+      const output = document.getElementById('logOutput');
+      const line = document.createElement('div');
+      line.className = `log-line ${type}`;
+      line.textContent = message;
+      output.appendChild(line);
+      output.scrollTop = output.scrollHeight;
+    }
+
+    async function executeScan() {
+      const localPath = document.getElementById('scanPath').value.trim();
+      const gitUrl = document.getElementById('gitUrl').value.trim();
+
+      if (!localPath && !gitUrl) {
+        log('Error: No target specified', 'error');
+        return;
+      }
+
+      const scanBtn = document.getElementById('scanBtn');
+      scanBtn.disabled = true;
+      scanBtn.textContent = 'Scanning...';
+
+      const args = { scanSecrets: true, scanPackages: true };
+      let targetName = '';
+      let targetType = '';
+
+      if (gitUrl) {
+        args.gitUrl = gitUrl;
+        targetName = gitUrl.split('/').slice(-2).join('/').replace('.git', '');
+        targetType = 'git';
+        log(`Scanning: ${gitUrl}`);
+      } else {
+        args.targetPath = localPath;
+        targetName = localPath.split(/[/\\]/).pop() || localPath;
+        targetType = 'local';
+        log(`Scanning: ${localPath}`);
+      }
+
+      try {
+        const res = await fetch(`${AURA_URL}/tools`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ tool: 'scan-local', arguments: args })
+        });
+
+        const data = await res.json();
+        console.log('API Response:', JSON.stringify(data, null, 2));
+
+        if (data.result?.error) {
+          throw new Error(data.result.error);
+        }
+
+        const scanData = data.result?.scan_details || data.result || data;
+        console.log('scanData:', JSON.stringify({
+          secrets_found: scanData.secrets_found,
+          package_vulns: scanData.package_vulns,
+          raw_findings_keys: Object.keys(scanData.raw_findings || {})
+        }, null, 2));
+        const repoPath = gitUrl || localPath;
+
+        // Check if this repo was already scanned (update instead of duplicate)
+        const existingRepo = state.repos.find(r => r.path === repoPath);
+        const existingReportIdx = state.reports.findIndex(r => r.path === repoPath);
+
+        const repo = {
+          id: existingRepo?.id || Date.now().toString(),
+          name: targetName,
+          path: repoPath,
+          type: targetType,
+          secrets: scanData.secrets_found || 0,
+          vulns: scanData.package_vulns || 0,
+          findings: [],
+          timestamp: new Date().toISOString(),
+          status: 'complete',
+          rawData: scanData
+        };
+
+        // Extract findings from all sources
+        const rf = scanData.raw_findings || {};
+
+        // Secrets - use actual severity from scanner
+        if (rf.secrets) {
+          rf.secrets.forEach(s => {
+            repo.findings.push({
+              severity: s.severity?.toLowerCase() || 'critical',
+              type: 'SECRET',
+              message: `${s.type || 'Secret'} detected`,
+              file: s.file,
+              line: s.line
+            });
+          });
+        }
+
+        // Package vulnerabilities (backend uses 'packages' not 'packageVulns')
+        if (rf.packages) {
+          rf.packages.forEach(v => {
+            repo.findings.push({
+              severity: v.severity?.toLowerCase() || 'medium',
+              type: 'VULN',
+              message: v.title || v.vulnId || v.name,
+              file: `${v.name}@${v.version}`
+            });
+          });
+        }
+
+        // SAST findings
+        if (rf.sastFindings) {
+          rf.sastFindings.forEach(s => {
+            repo.findings.push({
+              severity: s.severity?.toLowerCase() || 'medium',
+              type: 'CODE',
+              message: s.message || s.rule,
+              file: s.file,
+              line: s.line
+            });
+          });
+        }
+
+        // IaC findings (Terraform, Kubernetes, etc.)
+        if (rf.iacFindings) {
+          rf.iacFindings.forEach(i => {
+            repo.findings.push({
+              severity: i.severity?.toLowerCase() || 'medium',
+              type: 'IAC',
+              message: i.title || i.checkId,
+              file: i.file
+            });
+          });
+        }
+
+        // Dockerfile findings
+        if (rf.dockerfileFindings) {
+          rf.dockerfileFindings.forEach(d => {
+            repo.findings.push({
+              severity: d.severity?.toLowerCase() || 'medium',
+              type: 'DOCKER',
+              message: d.message || d.code,
+              file: d.file,
+              line: d.line
+            });
+          });
+        }
+
+        // Update or add repo to state
+        if (existingRepo) {
+          // Update existing repo
+          const idx = state.repos.findIndex(r => r.id === existingRepo.id);
+          if (idx !== -1) state.repos[idx] = repo;
+
+          // Update existing report
+          if (existingReportIdx !== -1) state.reports[existingReportIdx] = repo;
+
+          // Update existing 3D node
+          const existingNode = repoNodes.find(n => n.userData.repoId === repo.id);
+          if (existingNode) {
+            updateNodeColor(existingNode, repo);
+          }
+
+          log(`Updated: ${repo.secrets} secrets, ${repo.vulns} vulnerabilities`, repo.secrets > 0 ? 'error' : 'success');
+        } else {
+          // Add new repo
+          state.repos.push(repo);
+          state.reports.push(repo);
+          addRepoNode(repo);
+
+          log(`Complete: ${repo.secrets} secrets, ${repo.vulns} vulnerabilities`, repo.secrets > 0 ? 'error' : 'success');
+        }
+        updateUI();
+        selectRepo(repo.id);
+
+      } catch (err) {
+        console.error('Scan error:', err);
+        log(`Error: ${err.message}`, 'error');
+      }
+
+      scanBtn.disabled = false;
+      scanBtn.textContent = 'Start Scan';
+    }
+    window.executeScan = executeScan;
+
+    function selectRepo(repoId) {
+      state.selectedRepo = repoId;
+      updateUI();
+
+      let selectedNode = null;
+      repoNodes.forEach(node => {
+        const isSelected = node.userData.repoId === repoId;
+        node.scale.setScalar(isSelected ? 1.15 : 1);
+        if (isSelected) selectedNode = node;
+      });
+
+      document.querySelectorAll('.repo-item').forEach(item => {
+        item.classList.toggle('selected', item.dataset.id === repoId);
+      });
+
+      const repo = state.repos.find(r => r.id === repoId);
+      if (repo) {
+        document.getElementById('selectedRepoInfo').classList.add('visible');
+        document.getElementById('selectedRepoName').textContent = repo.name;
+        document.getElementById('selectedRepoPath').textContent = repo.path;
+        updateFindingsList(repo);
+
+        // Show severity breakdown in 3D view (Level 1)
+        if (selectedNode) {
+          showSeverityNodes(repo, selectedNode);
+        }
+      } else {
+        // No repo selected, clear finding nodes
+        state.drillLevel = 0;
+        clearFindingNodes();
+        updateNav3D();
+      }
+    }
+    window.selectRepo = selectRepo;
+
+    function updateUI() {
+      let totalCrit = 0, totalWarn = 0;
+      state.repos.forEach(r => {
+        totalCrit += r.secrets;
+        totalWarn += r.vulns;
+      });
+
+      document.getElementById('totalCritical').textContent = totalCrit;
+      document.getElementById('totalWarning').textContent = totalWarn;
+      document.getElementById('totalRepos').textContent = state.repos.length;
+
+      const repoList = document.getElementById('repoList');
+      if (state.repos.length === 0) {
+        repoList.innerHTML = `
+          <div class="empty-state">
+            <div class="empty-state-icon">📁</div>
+            <p>No targets scanned yet</p>
+          </div>
+        `;
+      } else {
+        repoList.innerHTML = state.repos.map(r => {
+          let status = 'safe';
+          if (r.secrets > 0) status = 'critical';
+          else if (r.vulns > 0) status = 'warning';
+
+          return `
+            <div class="repo-item ${state.selectedRepo === r.id ? 'selected' : ''}"
+                 data-id="${r.id}" onclick="selectRepo('${r.id}')">
+              <div class="repo-status ${status}"></div>
+              <div class="repo-info">
+                <div class="repo-name">${r.name}</div>
+                <div class="repo-path">${r.type === 'git' ? '🌐' : '📁'} ${r.path}</div>
+              </div>
+              <div class="repo-stats">${r.secrets}S / ${r.vulns}V</div>
+            </div>
+          `;
+        }).join('');
+      }
+    }
+
+    function updateFindingsList(repo) {
+      const container = document.getElementById('findingList');
+
+      if (!repo || repo.findings.length === 0) {
+        container.innerHTML = `
+          <div class="empty-state">
+            <div class="empty-state-icon">✓</div>
+            <p>${repo ? 'No findings for this target' : 'Select a target to view findings'}</p>
+          </div>
+        `;
+        return;
+      }
+
+      container.innerHTML = repo.findings.map(f => `
+        <div class="finding-item ${f.severity}">
+          <div class="finding-header">
+            <span class="finding-severity">${f.severity}</span>
+            <span class="finding-type">${f.type}</span>
+          </div>
+          <div class="finding-message">${f.message}</div>
+          ${f.file ? `<div class="finding-file">${f.file}${f.line ? ':' + f.line : ''}</div>` : ''}
+        </div>
+      `).join('');
+    }
+
+    function updateReportsTable() {
+      const tbody = document.getElementById('reportTableBody');
+
+      if (state.reports.length === 0) {
+        tbody.innerHTML = '<tr><td colspan="7" style="text-align: center; color: var(--text-muted);">No reports yet</td></tr>';
+        return;
+      }
+
+      tbody.innerHTML = state.reports.map(r => `
+        <tr>
+          <td>${new Date(r.timestamp).toLocaleString()}</td>
+          <td>${r.name}</td>
+          <td>${r.type.toUpperCase()}</td>
+          <td style="color: ${r.secrets > 0 ? 'var(--critical)' : 'var(--success)'}">${r.secrets}</td>
+          <td style="color: ${r.vulns > 0 ? 'var(--warning)' : 'var(--success)'}">${r.vulns}</td>
+          <td>${r.status}</td>
+          <td>
+            <button class="btn btn-secondary" style="width: auto; padding: 4px 10px; font-size: 11px;" onclick="viewReport('${r.id}')">View</button>
+          </td>
+        </tr>
+      `).join('');
+    }
+
+    function viewReport(repoId) {
+      showView('scan');
+      document.querySelector('.nav-tab').classList.add('active');
+      document.querySelectorAll('.nav-tab')[1].classList.remove('active');
+      selectRepo(repoId);
+    }
+    window.viewReport = viewReport;
+
+    function exportReports(format) {
+      if (state.reports.length === 0) {
+        log('No reports to export', 'error');
+        return;
+      }
+
+      let content, filename, type;
+
+      if (format === 'json') {
+        content = JSON.stringify(state.reports, null, 2);
+        filename = `aura-audit-${Date.now()}.json`;
+        type = 'application/json';
+      } else {
+        const headers = ['Timestamp', 'Name', 'Path', 'Type', 'Secrets', 'Vulns', 'Status'];
+        const rows = state.reports.map(r =>
+          [r.timestamp, r.name, r.path, r.type, r.secrets, r.vulns, r.status].join(',')
+        );
+        content = [headers.join(','), ...rows].join('\n');
+        filename = `aura-audit-${Date.now()}.csv`;
+        type = 'text/csv';
+      }
+
+      const blob = new Blob([content], { type });
+      const url = URL.createObjectURL(blob);
+      const a = document.createElement('a');
+      a.href = url;
+      a.download = filename;
+      a.click();
+      URL.revokeObjectURL(url);
+
+      log(`Exported ${state.reports.length} reports`, 'success');
+    }
+    window.exportReports = exportReports;
+
+    function clearAllReports() {
+      if (confirm('Clear all scan reports?')) {
+        state.reports = [];
+        state.repos = [];
+        state.selectedRepo = null;
+
+        repoNodes.forEach(node => {
+          if (node.userData.connectionLine) scene.remove(node.userData.connectionLine);
+          scene.remove(node);
+        });
+        repoNodes = [];
+
+        updateUI();
+        updateReportsTable();
+        document.getElementById('selectedRepoInfo').classList.remove('visible');
+        document.getElementById('findingList').innerHTML = `
+          <div class="empty-state">
+            <div class="empty-state-icon">🔍</div>
+            <p>Select a target to view findings</p>
+          </div>
+        `;
+
+        log('All reports cleared');
+      }
+    }
+    window.clearAllReports = clearAllReports;
+
+    // ========== INIT ==========
+    initScene();
+    log('Ready to scan');
+  </script>
+</body>
+</html>