averecion-lite 1.5.2 → 1.6.1

package/dashboard/dash.css

@@ -443,46 +443,6 @@ body {
   color: var(--text-muted);
 }
 
-.safety-grid {
-  display: grid;
-  gap: 0.75rem;
-}
-
-.safety-item {
-  display: flex;
-  align-items: center;
-  gap: 0.75rem;
-  padding: 1rem;
-  background: var(--bg-card);
-  border-radius: 12px;
-  border: 1px solid var(--border);
-}
-
-.safety-item.pass {
-  border-color: rgba(34, 197, 94, 0.3);
-}
-
-.safety-item.fail {
-  border-color: rgba(239, 68, 68, 0.3);
-}
-
-.check-icon {
-  width: 24px;
-  height: 24px;
-  border-radius: 50%;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-  font-size: 0.8rem;
-}
-
-.safety-item.pass .check-icon {
-  background: var(--success);
-}
-
-.safety-item.fail .check-icon {
-  background: var(--danger);
-}
 
 .activity-list {
   background: var(--bg-card);
@@ -606,75 +566,251 @@ body {
   cursor: help;
 }
 
-.protection-section {
+.protection-safety-section {
   margin-bottom: 1.5rem;
 }
 
-.protection-score {
+.protection-safety-card {
   background: var(--bg-card);
   border-radius: 16px;
-  padding: 1.5rem;
+  padding: 1.25rem;
   border: 1px solid var(--border);
 }
 
-.score-header {
+.ps-header {
   display: flex;
   align-items: center;
-  gap: 1rem;
+  gap: 0.75rem;
   margin-bottom: 1rem;
+  padding-bottom: 0.75rem;
+  border-bottom: 1px solid var(--border);
 }
 
-.score-value {
-  font-size: 2rem;
+.ps-score {
+  font-size: 1.75rem;
   font-weight: 700;
   color: var(--success);
 }
 
-.score-label {
+.ps-label {
   color: var(--text-secondary);
-  font-size: 1rem;
+  font-size: 0.95rem;
 }
 
-.score-bars {
-  display: grid;
-  grid-template-columns: repeat(4, 1fr);
-  gap: 0.75rem;
+.ps-checks {
+  display: flex;
+  flex-direction: column;
+  gap: 0.5rem;
 }
 
-.score-bar {
+.ps-check {
   display: flex;
-  flex-direction: column;
   align-items: center;
-  gap: 0.5rem;
-  padding: 1rem 0.5rem;
+  gap: 0.75rem;
+  padding: 0.6rem 0.75rem;
   background: var(--bg-dark);
-  border-radius: 12px;
-  border: 2px solid var(--border);
+  border-radius: 10px;
+  border: 1px solid var(--border);
   cursor: help;
-  transition: border-color 0.2s, transform 0.2s;
+  transition: border-color 0.2s;
 }
 
-.score-bar.active {
-  border-color: var(--success);
+.ps-check.active {
+  border-color: rgba(34, 197, 94, 0.3);
 }
 
-.score-bar.inactive {
-  border-color: var(--danger);
-  opacity: 0.6;
+.ps-check.inactive {
+  border-color: rgba(239, 68, 68, 0.3);
+  opacity: 0.7;
 }
 
-.score-bar:hover {
-  transform: translateY(-2px);
+.ps-check-icon {
+  font-size: 1.1rem;
 }
 
-.bar-icon {
-  font-size: 1.5rem;
+.ps-check-label {
+  flex: 1;
+  font-size: 0.85rem;
+  color: var(--text-secondary);
 }
 
-.bar-label {
-  font-size: 0.75rem;
+.ps-check-status {
+  font-size: 0.8rem;
+  font-weight: 700;
+  color: var(--success);
+  width: 20px;
+  height: 20px;
+  border-radius: 50%;
+  background: rgba(34, 197, 94, 0.2);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+
+.ps-check.inactive .ps-check-status {
+  color: var(--danger);
+  background: rgba(239, 68, 68, 0.2);
+}
+
+.header-scan-btn {
+  background: linear-gradient(135deg, #7c3aed 0%, #a855f7 100%);
+  border: none;
+  color: #fff;
+  padding: 0.5rem 1rem;
+  border-radius: 8px;
+  font-size: 0.85rem;
+  font-weight: 600;
+  cursor: pointer;
+  transition: all 0.2s;
+  box-shadow: 0 2px 10px rgba(124, 58, 237, 0.3);
+}
+
+.header-scan-btn:hover {
+  transform: translateY(-1px);
+  box-shadow: 0 4px 15px rgba(124, 58, 237, 0.4);
+}
+
+.section-accordion {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  width: 100%;
+  padding: 0.85rem 1rem;
+  background: var(--bg-card);
+  border: 1px solid var(--border);
+  border-radius: 12px;
   color: var(--text-secondary);
+  font-size: 0.9rem;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all 0.2s;
+}
+
+.section-accordion:hover {
+  border-color: rgba(255, 255, 255, 0.15);
+  color: var(--text-primary);
+}
+
+.accordion-arrow {
+  font-size: 0.7rem;
+  transition: transform 0.2s;
+}
+
+.section-accordion.expanded .accordion-arrow {
+  transform: rotate(90deg);
+}
+
+.security-arch-grid.collapsed {
+  display: none;
+}
+
+.modal-overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background: rgba(0, 0, 0, 0.7);
+  backdrop-filter: blur(4px);
+  z-index: 2000;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 2rem;
+  animation: fadeIn 0.2s ease;
+}
+
+.modal-overlay.hidden {
+  display: none;
+}
+
+.modal-content {
+  background: var(--bg-dark);
+  border: 1px solid var(--border);
+  border-radius: 20px;
+  width: 100%;
+  max-width: 700px;
+  max-height: 85vh;
+  display: flex;
+  flex-direction: column;
+  box-shadow: 0 20px 60px rgba(0, 0, 0, 0.5);
+}
+
+.modal-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 1.25rem 1.5rem;
+  border-bottom: 1px solid var(--border);
+}
+
+.modal-header h2 {
+  font-size: 1.2rem;
+  color: var(--text-primary);
+  margin: 0;
+}
+
+.modal-close {
+  background: none;
+  border: none;
+  color: var(--text-muted);
+  font-size: 1.75rem;
+  cursor: pointer;
+  padding: 0;
+  line-height: 1;
+  transition: color 0.2s;
+}
+
+.modal-close:hover {
+  color: var(--text-primary);
+}
+
+.modal-body {
+  padding: 1.5rem;
+  overflow-y: auto;
+  flex: 1;
+}
+
+.modal-scan-area {
   text-align: center;
+  padding: 1rem 0;
+}
+
+.modal-scan-desc {
+  color: var(--text-secondary);
+  font-size: 0.9rem;
+  margin-bottom: 1.25rem;
+  line-height: 1.5;
+}
+
+.modal-footer {
+  display: flex;
+  gap: 0.75rem;
+  padding: 1rem 1.5rem;
+  border-top: 1px solid var(--border);
+}
+
+.modal-footer.hidden {
+  display: none;
+}
+
+.modal-export-btn {
+  flex: 1;
+  padding: 0.65rem 1rem;
+  background: var(--bg-card);
+  border: 1px solid var(--border);
+  border-radius: 10px;
+  color: var(--text-secondary);
+  font-size: 0.85rem;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all 0.2s;
+}
+
+.modal-export-btn:hover {
+  border-color: rgba(124, 58, 237, 0.5);
+  color: var(--text-primary);
+  background: var(--bg-card-hover);
 }
 
 .activity-item.has-context {
@@ -936,8 +1072,14 @@ body {
     align-items: flex-start;
   }
   
-  .score-bars {
-    grid-template-columns: repeat(2, 1fr);
+  .header-actions {
+    flex-wrap: wrap;
+    justify-content: center;
+  }
+  
+  .modal-content {
+    max-height: 90vh;
+    margin: 1rem;
   }
   
   .hero h1 {
@@ -1157,18 +1299,14 @@ body {
 }
 
 .security-arch-section {
-  margin-top: 2rem;
+  margin-bottom: 1.5rem;
 }
 
 .security-arch-grid {
   display: grid;
-  grid-template-columns: repeat(2, 1fr);
-  gap: 0.75rem;
-  margin-top: 1rem;
-}
-
-.dash-col-right .security-arch-grid {
   grid-template-columns: 1fr;
+  gap: 0.5rem;
+  margin-top: 0.5rem;
 }
 
 .arch-item {
@@ -1201,13 +1339,6 @@ body {
   line-height: 1.5;
 }
 
-.threat-section {
-  margin-top: 2rem;
-}
-
-.threat-header {
-  margin-top: 1rem;
-}
 
 .threat-scan-btn {
   background: linear-gradient(135deg, #7c3aed 0%, #a855f7 100%);
@@ -1298,48 +1429,13 @@ body {
 .threat-summary-badge.low { background: rgba(96, 165, 250, 0.2); color: #60a5fa; }
 .threat-summary-badge.passed { background: rgba(34, 197, 94, 0.2); color: var(--success); }
 
-.threat-findings-toggle {
-  display: flex;
-  align-items: center;
-  gap: 0.5rem;
-  margin-top: 0.75rem;
-  padding: 0.5rem 0.75rem;
-  background: var(--bg-card);
-  border: 1px solid var(--border);
-  border-radius: 8px;
-  cursor: pointer;
-  color: var(--text-secondary);
-  font-size: 0.8rem;
-  transition: all 0.2s;
-  width: 100%;
-  text-align: left;
-}
-
-.threat-findings-toggle:hover {
-  border-color: var(--primary, #7c3aed);
-  color: var(--text-primary);
-}
-
-.threat-findings-toggle .toggle-arrow {
-  transition: transform 0.2s;
-  font-size: 0.7rem;
-}
-
-.threat-findings-toggle.expanded .toggle-arrow {
-  transform: rotate(90deg);
-}
-
 .threat-findings {
-  margin-top: 0.5rem;
+  margin-top: 1rem;
   display: flex;
   flex-direction: column;
   gap: 0.5rem;
 }
 
-.threat-findings.collapsed {
-  display: none;
-}
-
 .threat-finding {
   background: var(--bg-card);
   border: 1px solid var(--border);

package/dashboard/dash.js

@@ -235,13 +235,6 @@
       globalStatus.className = "status-badge protected";
     }
 
-    const checkLocal = document.getElementById("check-local");
-    const checkSecret = document.getElementById("check-secret");
-    const checkInjection = document.getElementById("check-injection");
-
-    if (checkLocal) checkLocal.className = "safety-item " + (metrics.instance.dashboardLocalOnly ? "pass" : "fail");
-    if (checkSecret) checkSecret.className = "safety-item " + (metrics.instance.secretsEnvOnly ? "pass" : "fail");
-    if (checkInjection) checkInjection.className = "safety-item pass";
 
     const activityList = document.getElementById("activity-list");
     if (metrics.lastActions && metrics.lastActions.length > 0) {
@@ -397,42 +390,35 @@
 
   function updateProtectionScore(metrics) {
     let score = 0;
-    const bars = {
+    const checks = {
       local: document.getElementById("bar-local"),
       secret: document.getElementById("bar-secret"),
       injection: document.getElementById("bar-injection"),
       approval: document.getElementById("bar-approval")
     };
+    const statusEls = {
+      local: document.getElementById("check-local"),
+      secret: document.getElementById("check-secret"),
+      injection: document.getElementById("check-injection")
+    };
 
-    if (metrics.instance.dashboardLocalOnly) {
-      score++;
-      bars.local?.classList.add("active");
-      bars.local?.classList.remove("inactive");
-    } else {
-      bars.local?.classList.remove("active");
-      bars.local?.classList.add("inactive");
-    }
-
-    if (metrics.instance.secretsEnvOnly) {
-      score++;
-      bars.secret?.classList.add("active");
-      bars.secret?.classList.remove("inactive");
-    } else {
-      bars.secret?.classList.remove("active");
-      bars.secret?.classList.add("inactive");
+    function setCheck(key, active) {
+      if (active) {
+        score++;
+        checks[key]?.classList.add("active");
+        checks[key]?.classList.remove("inactive");
+        if (statusEls[key]) { statusEls[key].textContent = "✓"; }
+      } else {
+        checks[key]?.classList.remove("active");
+        checks[key]?.classList.add("inactive");
+        if (statusEls[key]) { statusEls[key].textContent = "✗"; }
+      }
     }
 
-    score++;
-    bars.injection?.classList.add("active");
-
-    if (localStorage.getItem("protection_level") !== "relaxed") {
-      score++;
-      bars.approval?.classList.add("active");
-      bars.approval?.classList.remove("inactive");
-    } else {
-      bars.approval?.classList.remove("active");
-      bars.approval?.classList.add("inactive");
-    }
+    setCheck("local", metrics.instance.dashboardLocalOnly);
+    setCheck("secret", metrics.instance.secretsEnvOnly);
+    setCheck("injection", true);
+    setCheck("approval", localStorage.getItem("protection_level") !== "relaxed");
 
     const scoreEl = document.getElementById("score-value");
     if (scoreEl) {
@@ -911,7 +897,8 @@
   initProtectionToggle();
   initNotificationToggle();
   initResetButton();
-  initThreatScan();
+  initThreatModal();
+  initSecurityAccordion();
 
   function initNotificationToggle() {
     const btn = document.getElementById("btn-notifications");
@@ -949,15 +936,41 @@
     });
   }
 
-  function initThreatScan() {
-    const btn = document.getElementById("btn-scan");
+  let lastScanData = null;
+
+  function initThreatModal() {
+    const modal = document.getElementById("threat-modal");
+    const headerBtn = document.getElementById("btn-scan-header");
+    const closeBtn = document.getElementById("btn-modal-close");
+    const scanBtn = document.getElementById("btn-scan");
+    const exportJsonBtn = document.getElementById("btn-export-json");
+    const exportCopyBtn = document.getElementById("btn-export-copy");
+    if (!modal || !headerBtn) return;
+
+    headerBtn.addEventListener("click", () => {
+      modal.classList.remove("hidden");
+    });
+
+    closeBtn?.addEventListener("click", () => {
+      modal.classList.add("hidden");
+    });
+
+    modal.addEventListener("click", (e) => {
+      if (e.target === modal) modal.classList.add("hidden");
+    });
+
+    document.addEventListener("keydown", (e) => {
+      if (e.key === "Escape" && !modal.classList.contains("hidden")) {
+        modal.classList.add("hidden");
+      }
+    });
+
     const scoreDisplay = document.getElementById("threat-score-display");
     const findingsEl = document.getElementById("threat-findings");
-    if (!btn || !scoreDisplay || !findingsEl) return;
 
-    btn.addEventListener("click", async () => {
-      btn.disabled = true;
-      btn.textContent = "🔍 Scanning...";
+    scanBtn?.addEventListener("click", async () => {
+      scanBtn.disabled = true;
+      scanBtn.textContent = "🔍 Scanning...";
 
       try {
         const headers = {};
@@ -965,13 +978,36 @@
         const res = await fetch("/api/threat-assessment", { headers });
         if (!res.ok) throw new Error("Scan failed");
         const data = await res.json();
+        lastScanData = data;
         renderThreatResults(data, scoreDisplay, findingsEl);
-        btn.textContent = "🔍 Rescan";
+        scanBtn.textContent = "🔍 Rescan";
+        document.getElementById("modal-export-footer")?.classList.remove("hidden");
       } catch (err) {
-        btn.textContent = "⚠️ Scan Failed — Retry";
+        scanBtn.textContent = "⚠️ Scan Failed — Retry";
         console.error("Threat scan error:", err);
       }
-      btn.disabled = false;
+      scanBtn.disabled = false;
+    });
+
+    exportJsonBtn?.addEventListener("click", () => {
+      if (!lastScanData) return;
+      const blob = new Blob([JSON.stringify(lastScanData, null, 2)], { type: "application/json" });
+      const url = URL.createObjectURL(blob);
+      const a = document.createElement("a");
+      a.href = url;
+      a.download = `clawguard-scan-${new Date().toISOString().slice(0, 10)}.json`;
+      a.click();
+      URL.revokeObjectURL(url);
+    });
+
+    exportCopyBtn?.addEventListener("click", () => {
+      if (!lastScanData) return;
+      const text = `Clawguard Security Scan - ${new Date().toLocaleDateString()}\nGrade: ${lastScanData.grade} | Score: ${lastScanData.score}/100\n\n` +
+        lastScanData.findings.map(f => `[${f.passed ? "PASS" : f.severity.toUpperCase()}] ${f.title}: ${f.description}${!f.passed ? "\n  → " + f.recommendation : ""}`).join("\n");
+      navigator.clipboard.writeText(text).then(() => {
+        exportCopyBtn.textContent = "✓ Copied!";
+        setTimeout(() => { exportCopyBtn.textContent = "📋 Copy to Clipboard"; }, 2000);
+      });
     });
   }
 
@@ -997,30 +1033,6 @@
     const failed = data.findings.filter(f => !f.passed);
     const passed = data.findings.filter(f => f.passed);
     const sorted = [...failed, ...passed];
-    const failCount = failed.length;
-
-    let existingToggle = document.querySelector(".threat-findings-toggle");
-    if (!existingToggle) {
-      existingToggle = document.createElement("button");
-      existingToggle.className = "threat-findings-toggle";
-      existingToggle.setAttribute("data-testid", "btn-findings-toggle");
-      findingsEl.parentNode.insertBefore(existingToggle, findingsEl);
-      existingToggle.addEventListener("click", () => {
-        const isCollapsed = findingsEl.classList.contains("collapsed");
-        if (isCollapsed) {
-          findingsEl.classList.remove("collapsed");
-          existingToggle.classList.add("expanded");
-        } else {
-          findingsEl.classList.add("collapsed");
-          existingToggle.classList.remove("expanded");
-        }
-        existingToggle.querySelector(".toggle-label").textContent = 
-          findingsEl.classList.contains("collapsed") ? `Show ${data.findings.length} findings (${failCount} issues)` : "Hide findings";
-      });
-    }
-    existingToggle.innerHTML = `<span class="toggle-arrow">▶</span> <span class="toggle-label">Show ${data.findings.length} findings (${failCount} issues)</span>`;
-    findingsEl.classList.add("collapsed");
-    existingToggle.classList.remove("expanded");
 
     findingsEl.innerHTML = sorted.map(f => {
       const sevIcon = f.passed ? "✓" : (f.severity === "critical" ? "!!" : f.severity === "high" ? "!" : f.severity === "medium" ? "~" : "·");
@@ -1038,6 +1050,23 @@
     }).join("");
   }
 
+  function initSecurityAccordion() {
+    const btn = document.getElementById("btn-toggle-security");
+    const content = document.getElementById("security-arch-content");
+    if (!btn || !content) return;
+
+    btn.addEventListener("click", () => {
+      const isCollapsed = content.classList.contains("collapsed");
+      if (isCollapsed) {
+        content.classList.remove("collapsed");
+        btn.classList.add("expanded");
+      } else {
+        content.classList.add("collapsed");
+        btn.classList.remove("expanded");
+      }
+    });
+  }
+
   function initResetButton() {
     const btn = document.getElementById("btn-reset");
     if (!btn) return;

package/dashboard/index.html

@@ -106,6 +106,9 @@
           </div>
         </div>
         <div class="header-actions">
+          <button id="btn-scan-header" class="header-scan-btn" data-testid="btn-scan-header" title="Run a full security scan">
+            🔍 Security Scan
+          </button>
           <button id="btn-notifications" class="notification-toggle" data-testid="btn-notifications" title="Enable browser notifications">
             🔔 Notifications
           </button>
@@ -200,96 +203,66 @@
           </div>
 
           <div class="dash-col-right">
-            <section class="protection-section">
-              <div class="protection-score" data-testid="protection-score">
-                <div class="score-header">
-                  <span class="score-value" id="score-value">4/4</span>
-                  <span class="score-label">Protection Score</span>
+            <section class="protection-safety-section">
+              <div class="protection-safety-card" data-testid="protection-score">
+                <div class="ps-header">
+                  <span class="ps-score" id="score-value">4/4</span>
+                  <span class="ps-label">Protection Active</span>
                 </div>
-                <div class="score-bars">
-                  <div class="score-bar active" id="bar-local" data-tooltip="Dashboard only accessible from your computer">
-                    <span class="bar-icon">🏠</span>
-                    <span class="bar-label">Local Only</span>
+                <div class="ps-checks">
+                  <div class="ps-check active" id="bar-local" data-tooltip="Dashboard only accessible from your computer">
+                    <span class="ps-check-icon">🏠</span>
+                    <span class="ps-check-label">Local Only</span>
+                    <span class="ps-check-status" id="check-local" data-testid="check-local">✓</span>
                   </div>
-                  <div class="score-bar active" id="bar-secret" data-tooltip="Your dashboard is protected by a secret key">
-                    <span class="bar-icon">🔑</span>
-                    <span class="bar-label">Secret Key</span>
+                  <div class="ps-check active" id="bar-secret" data-tooltip="Your dashboard is protected by a secret key">
+                    <span class="ps-check-icon">🔑</span>
+                    <span class="ps-check-label">Secret Key</span>
+                    <span class="ps-check-status" id="check-secret" data-testid="check-secret">✓</span>
                   </div>
-                  <div class="score-bar active" id="bar-injection" data-tooltip="Detecting prompt injection attempts in real-time">
-                    <span class="bar-icon">🛡️</span>
-                    <span class="bar-label">Injection Detection</span>
+                  <div class="ps-check active" id="bar-injection" data-tooltip="Detecting prompt injection attempts in real-time">
+                    <span class="ps-check-icon">🛡️</span>
+                    <span class="ps-check-label">Injection Detection</span>
+                    <span class="ps-check-status" id="check-injection" data-testid="check-injection">✓</span>
                   </div>
-                  <div class="score-bar active" id="bar-approval" data-tooltip="Real-time visibility into all agent activity">
-                    <span class="bar-icon">👁️</span>
-                    <span class="bar-label">Live Monitoring</span>
+                  <div class="ps-check active" id="bar-approval" data-tooltip="Real-time visibility into all agent activity">
+                    <span class="ps-check-icon">👁️</span>
+                    <span class="ps-check-label">Live Monitoring</span>
+                    <span class="ps-check-status">✓</span>
                   </div>
                 </div>
               </div>
             </section>
 
-            <section class="safety-section">
-              <h2>Safety Checks</h2>
-              <div class="safety-grid">
-                <div class="safety-item pass" id="check-local" data-testid="check-local">
-                  <span class="check-icon">✓</span>
-                  <span>Dashboard is local-only</span>
-                  <span class="legend-help" data-tooltip="Only you can see this dashboard - no remote access">?</span>
-                </div>
-                <div class="safety-item pass" id="check-secret" data-testid="check-secret">
-                  <span class="check-icon">✓</span>
-                  <span>Secret key protected</span>
-                  <span class="legend-help" data-tooltip="Your dashboard is locked with a secret key">?</span>
-                </div>
-                <div class="safety-item pass" id="check-injection" data-testid="check-injection">
-                  <span class="check-icon">✓</span>
-                  <span>Prompt injection detection active</span>
-                  <span class="legend-help" data-tooltip="Detecting hidden attack instructions in real-time">?</span>
-                </div>
-              </div>
-            </section>
-
             <section class="security-arch-section">
-              <h2>Dashboard Security <span class="legend-help" data-tooltip="Why your bot can never access or tamper with this dashboard">?</span></h2>
-              <div class="security-arch-grid">
+              <button class="section-accordion" id="btn-toggle-security" data-testid="btn-toggle-security">
+                <span>🔒 How Your Dashboard Stays Safe</span>
+                <span class="accordion-arrow">▶</span>
+              </button>
+              <div class="security-arch-grid collapsed" id="security-arch-content">
                 <div class="arch-item">
                   <div class="arch-icon">🔒</div>
                   <div class="arch-title">Local-Only Binding</div>
-                  <div class="arch-desc">Dashboard listens on localhost only. No external network can reach it — even if your server is public.</div>
+                  <div class="arch-desc">Dashboard listens on localhost only. No external network can reach it.</div>
                 </div>
                 <div class="arch-item">
                   <div class="arch-icon">🔑</div>
                   <div class="arch-title">Secret Key Auth</div>
-                  <div class="arch-desc">Every request requires a secret key your bot never sees. Even local processes can't access data without it.</div>
+                  <div class="arch-desc">Every request requires a secret key your bot never sees.</div>
                 </div>
                 <div class="arch-item">
                   <div class="arch-icon">👁️</div>
                   <div class="arch-title">Passive Monitoring</div>
-                  <div class="arch-desc">Clawguard only reads log files — it never writes to the bot, sends commands, or modifies any configuration.</div>
+                  <div class="arch-desc">Clawguard only reads log files — never writes to the bot.</div>
                 </div>
                 <div class="arch-item">
                   <div class="arch-icon">🚫</div>
                   <div class="arch-title">No Write-Back Path</div>
-                  <div class="arch-desc">There is no API, socket, or channel from the dashboard back to your bot. The connection is strictly one-way.</div>
+                  <div class="arch-desc">No API, socket, or channel from dashboard back to your bot.</div>
                 </div>
               </div>
             </section>
 
-            <section class="threat-section" id="threat-section">
-              <h2>Threat Assessment <span class="legend-help" data-tooltip="Holistic security scan of your server">?</span></h2>
-              <div class="threat-header" id="threat-header">
-                <button class="threat-scan-btn" id="btn-scan" data-testid="btn-scan">🔍 Run Security Scan</button>
-                <div class="threat-score-display hidden" id="threat-score-display">
-                  <div class="threat-grade" id="threat-grade">-</div>
-                  <div class="threat-score-info">
-                    <span class="threat-score-value" id="threat-score-value">-/100</span>
-                    <span class="threat-score-label">Security Score</span>
-                  </div>
-                  <div class="threat-summary" id="threat-summary"></div>
-                </div>
-              </div>
-              <div class="threat-findings collapsed" id="threat-findings" data-testid="threat-findings"></div>
-            </section>
-
             <section class="control-section">
               <h2>Protection Level</h2>
               <div class="protection-toggle" data-testid="protection-toggle">
@@ -361,6 +334,34 @@
     </div>
   </div>
 
+  <div class="modal-overlay hidden" id="threat-modal" data-testid="threat-modal">
+    <div class="modal-content">
+      <div class="modal-header">
+        <h2>🔍 Threat Assessment</h2>
+        <button class="modal-close" id="btn-modal-close" data-testid="btn-modal-close">&times;</button>
+      </div>
+      <div class="modal-body">
+        <div class="modal-scan-area" id="modal-scan-area">
+          <p class="modal-scan-desc">Run a full security scan of your server environment. Checks processes, files, secrets, network, system, and bot-specific risks.</p>
+          <button class="threat-scan-btn" id="btn-scan" data-testid="btn-scan">🔍 Run Security Scan</button>
+        </div>
+        <div class="threat-score-display hidden" id="threat-score-display">
+          <div class="threat-grade" id="threat-grade">-</div>
+          <div class="threat-score-info">
+            <span class="threat-score-value" id="threat-score-value">-/100</span>
+            <span class="threat-score-label">Security Score</span>
+          </div>
+          <div class="threat-summary" id="threat-summary"></div>
+        </div>
+        <div class="threat-findings" id="threat-findings" data-testid="threat-findings"></div>
+      </div>
+      <div class="modal-footer hidden" id="modal-export-footer">
+        <button class="modal-export-btn" id="btn-export-json" data-testid="btn-export-json">📥 Download JSON</button>
+        <button class="modal-export-btn" id="btn-export-copy" data-testid="btn-export-copy">📋 Copy to Clipboard</button>
+      </div>
+    </div>
+  </div>
+
   <div class="tooltip" id="tooltip"></div>
 
   <script src="/static/dash.js"></script>

package/dist/log-watcher.d.ts

@@ -17,6 +17,7 @@ export declare class LogWatcher extends EventEmitter {
     private readNewLines;
     private processLine;
     private parseLogLine;
+    private parsePlainTextLine;
     private extractToolArgs;
     private getContentFingerprint;
     private isDuplicate;

package/dist/log-watcher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"log-watcher.d.ts","sourceRoot":"","sources":["../log-watcher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAmDtC,qBAAa,UAAW,SAAQ,YAAY;IAC1C,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,YAAY,CAA+B;IACnD,OAAO,CAAC,mBAAmB,CAA6B;IACxD,OAAO,CAAC,qBAAqB,CAA+B;;IAY5D,KAAK,IAAI,IAAI;IAUb,IAAI,IAAI,IAAI;IAeZ,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,SAAS;IAuCjB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,YAAY;IA+BpB,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,YAAY;IAmMpB,OAAO,CAAC,eAAe;IAuCvB,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,eAAe;IAmCvB,OAAO,CAAC,aAAa;IAiBrB,OAAO,CAAC,gBAAgB;CAWzB;AAID,wBAAgB,eAAe,IAAI,UAAU,CAM5C;AAED,wBAAgB,cAAc,IAAI,IAAI,CAKrC;AAED,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAEjD"}
+{"version":3,"file":"log-watcher.d.ts","sourceRoot":"","sources":["../log-watcher.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAsDtC,qBAAa,UAAW,SAAQ,YAAY;IAC1C,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,YAAY,CAA+B;IACnD,OAAO,CAAC,mBAAmB,CAA6B;IACxD,OAAO,CAAC,qBAAqB,CAA+B;;IAY5D,KAAK,IAAI,IAAI;IAUb,IAAI,IAAI,IAAI;IAeZ,OAAO,CAAC,iBAAiB;IAsBzB,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,SAAS;IAuCjB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,YAAY;IA+BpB,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,YAAY;IAmMpB,OAAO,CAAC,kBAAkB;IA+D1B,OAAO,CAAC,eAAe;IAuCvB,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,eAAe;IAmCvB,OAAO,CAAC,aAAa;IAiBrB,OAAO,CAAC,gBAAgB;CAWzB;AAID,wBAAgB,eAAe,IAAI,UAAU,CAM5C;AAED,wBAAgB,cAAc,IAAI,IAAI,CAKrC;AAED,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAEjD"}

package/dist/log-watcher.js

@@ -29,9 +29,13 @@ exports.stopLogWatcher = stopLogWatcher;
 exports.getLogWatcher = getLogWatcher;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const os = __importStar(require("os"));
 const events_1 = require("events");
 const storage_1 = require("./storage");
-const CLAWDBOT_LOG_DIR = "/tmp/clawdbot";
+const CLAWDBOT_LOG_DIRS = [
+    path.join(os.homedir(), ".clawdbot", "logs"),
+    "/tmp/clawdbot",
+];
 const DANGEROUS_PATTERNS = [
     { pattern: /rm\s+-rf?\s+\//, reason: "Dangerous rm command (root delete)" },
     { pattern: /rm\s+-rf?\s+~/, reason: "Dangerous rm command (home delete)" },
@@ -80,7 +84,7 @@ class LogWatcher extends events_1.EventEmitter {
     start() {
         const logFile = this.getCurrentLogFile();
         if (!logFile) {
-            console.log("[LogWatcher] ClawdBot log directory not found, will poll for it...");
+            console.log(`[LogWatcher] No log files found in ${CLAWDBOT_LOG_DIRS.join(", ")} — polling every 5s...`);
             this.pollInterval = setInterval(() => this.checkForLogFile(), 5000);
             return;
         }
@@ -101,11 +105,27 @@ class LogWatcher extends events_1.EventEmitter {
         }
     }
     getCurrentLogFile() {
-        if (!fs.existsSync(CLAWDBOT_LOG_DIR))
-            return null;
-        const today = new Date().toISOString().split("T")[0];
-        const logFile = path.join(CLAWDBOT_LOG_DIR, `clawdbot-${today}.log`);
-        return fs.existsSync(logFile) ? logFile : null;
+        for (const dir of CLAWDBOT_LOG_DIRS) {
+            if (!fs.existsSync(dir))
+                continue;
+            const commandsLog = path.join(dir, "commands.log");
+            if (fs.existsSync(commandsLog))
+                return commandsLog;
+            const today = new Date().toISOString().split("T")[0];
+            const dateLog = path.join(dir, `clawdbot-${today}.log`);
+            if (fs.existsSync(dateLog))
+                return dateLog;
+            try {
+                const files = fs.readdirSync(dir)
+                    .filter(f => f.endsWith(".log"))
+                    .map(f => ({ name: f, mtime: fs.statSync(path.join(dir, f)).mtimeMs }))
+                    .sort((a, b) => b.mtime - a.mtime);
+                if (files.length > 0)
+                    return path.join(dir, files[0].name);
+            }
+            catch { }
+        }
+        return null;
     }
     checkForLogFile() {
         const logFile = this.getCurrentLogFile();
@@ -373,8 +393,69 @@ class LogWatcher extends events_1.EventEmitter {
             return { subsystem, message, timestamp, logLevel, toolEvent };
         }
         catch {
+            return this.parsePlainTextLine(line);
+        }
+    }
+    parsePlainTextLine(line) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.length < 5)
             return null;
+        const timestamp = new Date();
+        let toolEvent;
+        const timestampMatch = trimmed.match(/^\[?(\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}[^\]]*)\]?\s*(.*)/);
+        const content = timestampMatch ? timestampMatch[2] : trimmed;
+        if (timestampMatch) {
+            try {
+                const d = new Date(timestampMatch[1]);
+                if (!isNaN(d.getTime()))
+                    Object.assign(timestamp, { _parsed: d });
+            }
+            catch { }
+        }
+        const cmdMatch = content.match(/(?:command|cmd|exec|run|shell)\s*[=:]\s*(.+)/i);
+        if (cmdMatch) {
+            toolEvent = {
+                runId: `cmd-${Date.now()}`,
+                tool: "exec",
+                toolCallId: `cmd-${Date.now()}`,
+                phase: "start",
+                timestamp,
+                args: { command: cmdMatch[1].trim() },
+            };
+        }
+        const msgMatch = content.match(/(?:message|msg|body|text|input)\s*[=:]\s*(.+)/i);
+        if (!toolEvent && msgMatch) {
+            toolEvent = {
+                runId: `msg-${Date.now()}`,
+                tool: "whatsapp-inbound",
+                toolCallId: `msg-${Date.now()}`,
+                phase: "start",
+                timestamp,
+                args: { body: msgMatch[1].trim() },
+            };
+        }
+        const replyMatch = content.match(/(?:reply|response|answer|out)\s*[=:]\s*(.+)/i);
+        if (!toolEvent && replyMatch) {
+            toolEvent = {
+                runId: `reply-${Date.now()}`,
+                tool: "whatsapp-reply",
+                toolCallId: `reply-${Date.now()}`,
+                phase: "start",
+                timestamp,
+                args: { text: replyMatch[1].trim() },
+            };
+        }
+        if (!toolEvent && content.length > 3) {
+            toolEvent = {
+                runId: `log-${Date.now()}`,
+                tool: "agent-log",
+                toolCallId: `log-${Date.now()}`,
+                phase: "start",
+                timestamp,
+                args: { message: content },
+            };
         }
+        return { message: content, timestamp, logLevel: "INFO", toolEvent };
     }
     extractToolArgs(json) {
         const args = {};

package/dist/src/threat-assessment.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"threat-assessment.d.ts","sourceRoot":"","sources":["../../src/threat-assessment.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,SAAS,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,KAAK,CAAC;IACzE,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAieD,wBAAgB,mBAAmB,IAAI,gBAAgB,CAgDtD"}
+{"version":3,"file":"threat-assessment.d.ts","sourceRoot":"","sources":["../../src/threat-assessment.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,SAAS,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,KAAK,CAAC;IACzE,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAqeD,wBAAgB,mBAAmB,IAAI,gBAAgB,CAgDtD"}

package/dist/src/threat-assessment.js

@@ -29,7 +29,10 @@ const path = __importStar(require("path"));
 const os = __importStar(require("os"));
 const child_process_1 = require("child_process");
 const CLAWGUARD_DIR = path.join(os.homedir(), ".clawguard");
-const CLAWDBOT_LOG_DIR = "/tmp/clawdbot";
+const CLAWDBOT_LOG_DIRS = [
+    path.join(os.homedir(), ".clawdbot", "logs"),
+    "/tmp/clawdbot",
+];
 const SEVERITY_PENALTIES = {
     critical: 25,
     high: 15,
@@ -445,14 +448,16 @@ function checkBotSecurity() {
         let credentialLeak = false;
         let leakDetail = "";
         try {
-            if (fs.existsSync(CLAWDBOT_LOG_DIR)) {
-                const logFiles = fs.readdirSync(CLAWDBOT_LOG_DIR)
+            for (const logDir of CLAWDBOT_LOG_DIRS) {
+                if (!fs.existsSync(logDir))
+                    continue;
+                const logFiles = fs.readdirSync(logDir)
                     .filter(f => f.endsWith(".log"))
                     .sort()
                     .slice(-3);
                 for (const file of logFiles) {
                     try {
-                        const filePath = path.join(CLAWDBOT_LOG_DIR, file);
+                        const filePath = path.join(logDir, file);
                         const stat = fs.statSync(filePath);
                         const readSize = Math.min(stat.size, 50000);
                         const fd = fs.openSync(filePath, "r");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "averecion-lite",
-  "version": "1.5.2",
+  "version": "1.6.1",
   "description": "Real-time AI agent monitoring - watches logs, detects dangerous commands and prompt injection attempts",
   "author": "Averecion <hello@averecion.com>",
   "homepage": "https://github.com/averecion/clawguard#readme",