npm - aws-security-mcp - Versions diffs - 0.7.0 → 0.7.2 - Mend

aws-security-mcp 0.7.0 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dashboard/dist/assets/index-BXloWmhE.css +2 -0
package/dashboard/dist/index.html +2 -2
package/dist/bin/aws-security-mcp.js +478 -12
package/dist/bin/aws-security-mcp.js.map +1 -1
package/dist/src/index.d.ts +3 -1
package/dist/src/index.js +479 -12
package/dist/src/index.js.map +1 -1
package/package.json +2 -2
package/dashboard/dist/assets/index-UN8P_PO6.css +0 -2
/package/dashboard/dist/assets/{index-AKJ_-GfD.js → index-DsWFAp9v.js} +0 -0

package/dashboard/dist/assets/index-BXloWmhE.css ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ /! tailwindcss v4.2.2 \| MIT License \| https://tailwindcss.com /
2	+ @layer properties{@supports (((-webkit-hyphens:none)) and (not (margin-trim:inline))) or ((-moz-orient:inline) and (not (color:rgb(from red r g b)))){,:before,:after,::backdrop{--tw-rotate-x:initial;--tw-rotate-y:initial;--tw-rotate-z:initial;--tw-skew-x:initial;--tw-skew-y:initial;--tw-space-y-reverse:0;--tw-border-style:solid;--tw-leading:initial;--tw-font-weight:initial;--tw-blur:initial;--tw-brightness:initial;--tw-contrast:initial;--tw-grayscale:initial;--tw-hue-rotate:initial;--tw-invert:initial;--tw-opacity:initial;--tw-saturate:initial;--tw-sepia:initial;--tw-drop-shadow:initial;--tw-drop-shadow-color:initial;--tw-drop-shadow-alpha:100%;--tw-drop-shadow-size:initial}}}@layer theme{:root,:host{--font-sans:ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--font-mono:ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--color-red-400:oklch(70.4% .191 22.216);--color-red-500:oklch(63.7% .237 25.331);--color-orange-400:oklch(75% .183 55.934);--color-orange-500:oklch(70.5% .213 47.604);--color-yellow-400:oklch(85.2% .199 91.936);--color-yellow-500:oklch(79.5% .184 86.047);--color-green-400:oklch(79.2% .209 151.711);--color-green-500:oklch(72.3% .219 149.579);--color-blue-400:oklch(70.7% .165 254.624);--color-blue-500:oklch(62.3% .214 259.815);--color-slate-50:oklch(98.4% .003 247.858);--color-slate-100:oklch(96.8% .007 247.896);--color-slate-200:oklch(92.9% .013 255.508);--color-slate-300:oklch(86.9% .022 252.894);--color-slate-400:oklch(70.4% .04 256.788);--color-slate-500:oklch(55.4% .046 257.417);--color-slate-600:oklch(44.6% .043 257.281);--color-slate-700:oklch(37.2% .044 257.287);--color-slate-800:oklch(27.9% .041 260.031);--color-slate-900:oklch(20.8% .042 265.755);--spacing:.25rem;--text-xs:.75rem;--text-xs--line-height:calc(1 / .75);--text-sm:.875rem;--text-sm--line-height:calc(1.25 / .875);--text-lg:1.125rem;--text-lg--line-height:calc(1.75 / 1.125);--text-2xl:1.5rem;--text-2xl--line-height:calc(2 / 1.5);--text-3xl:1.875rem;--text-3xl--line-height:calc(2.25 / 1.875);--font-weight-medium:500;--font-weight-semibold:600;--font-weight-bold:700;--leading-tight:1.25;--radius-lg:.5rem;--default-transition-duration:.15s;--default-transition-timing-function:cubic-bezier(.4, 0, .2, 1);--default-font-family:var(--font-sans);--default-mono-font-family:var(--font-mono)}}@layer base{,:after,:before,::backdrop{box-sizing:border-box;border:0 solid;margin:0;padding:0}::file-selector-button{box-sizing:border-box;border:0 solid;margin:0;padding:0}html,:host{-webkit-text-size-adjust:100%;tab-size:4;line-height:1.5;font-family:var(--default-font-family,ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji");font-feature-settings:var(--default-font-feature-settings,normal);font-variation-settings:var(--default-font-variation-settings,normal);-webkit-tap-highlight-color:transparent}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:var(--default-mono-font-family,ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace);font-feature-settings:var(--default-mono-font-feature-settings,normal);font-variation-settings:var(--default-mono-font-variation-settings,normal);font-size:1em}small{font-size:80%}sub,sup{vertical-align:baseline;font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}:-moz-focusring{outline:auto}progress{vertical-align:baseline}summary{display:list-item}ol,ul,menu{list-style:none}img,svg,video,canvas,audio,iframe,embed,object{vertical-align:middle;display:block}img,video{max-width:100%;height:auto}button,input,select,optgroup,textarea{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}::file-selector-button{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}:where(select:is([multiple],[size])) optgroup{font-weight:bolder}:where(select:is([multiple],[size])) optgroup option{padding-inline-start:20px}::file-selector-button{margin-inline-end:4px}::placeholder{opacity:1}@supports (not ((-webkit-appearance:-apple-pay-button))) or (contain-intrinsic-size:1px){::placeholder{color:currentColor}@supports (color:color-mix(in lab, red, red)){::placeholder{color:color-mix(in oklab, currentcolor 50%, transparent)}}}textarea{resize:vertical}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-date-and-time-value{min-height:1lh;text-align:inherit}::-webkit-datetime-edit{display:inline-flex}::-webkit-datetime-edit-fields-wrapper{padding:0}::-webkit-datetime-edit{padding-block:0}::-webkit-datetime-edit-year-field{padding-block:0}::-webkit-datetime-edit-month-field{padding-block:0}::-webkit-datetime-edit-day-field{padding-block:0}::-webkit-datetime-edit-hour-field{padding-block:0}::-webkit-datetime-edit-minute-field{padding-block:0}::-webkit-datetime-edit-second-field{padding-block:0}::-webkit-datetime-edit-millisecond-field{padding-block:0}::-webkit-datetime-edit-meridiem-field{padding-block:0}::-webkit-calendar-picker-indicator{line-height:1}:-moz-ui-invalid{box-shadow:none}button,input:where([type=button],[type=reset],[type=submit]){appearance:button}::file-selector-button{appearance:button}::-webkit-inner-spin-button{height:auto}::-webkit-outer-spin-button{height:auto}[hidden]:where(:not([hidden=until-found])){display:none!important}}@layer components;@layer utilities{.pointer-events-none{pointer-events:none}.absolute{position:absolute}.fixed{position:fixed}.relative{position:relative}.sticky{position:sticky}.inset-0{inset:calc(var(--spacing) * 0)}.end{inset-inline-end:var(--spacing)}.top-0{top:calc(var(--spacing) * 0)}.top-16{top:calc(var(--spacing) * 16)}.right-0{right:calc(var(--spacing) * 0)}.bottom-0{bottom:calc(var(--spacing) * 0)}.left-0{left:calc(var(--spacing) * 0)}.z-10{z-index:10}.container{width:100%}@media (width>=40rem){.container{max-width:40rem}}@media (width>=48rem){.container{max-width:48rem}}@media (width>=64rem){.container{max-width:64rem}}@media (width>=80rem){.container{max-width:80rem}}@media (width>=96rem){.container{max-width:96rem}}.mt-1{margin-top:calc(var(--spacing) * 1)}.mt-2{margin-top:calc(var(--spacing) * 2)}.mt-16{margin-top:calc(var(--spacing) * 16)}.mb-1{margin-bottom:calc(var(--spacing) * 1)}.mb-2{margin-bottom:calc(var(--spacing) * 2)}.mb-4{margin-bottom:calc(var(--spacing) * 4)}.line-clamp-2{-webkit-line-clamp:2;-webkit-box-orient:vertical;display:-webkit-box;overflow:hidden}.contents{display:contents}.flex{display:flex}.grid{display:grid}.hidden{display:none}.h-\[300px\]{height:300px}.min-h-screen{min-height:100vh}.w-5{width:calc(var(--spacing) * 5)}.w-56{width:calc(var(--spacing) * 56)}.w-full{width:100%}.min-w-0{min-width:calc(var(--spacing) * 0)}.min-w-\[200px\]{min-width:200px}.flex-1{flex:1}.shrink-0{flex-shrink:0}.transform{transform:var(--tw-rotate-x,) var(--tw-rotate-y,) var(--tw-rotate-z,) var(--tw-skew-x,) var(--tw-skew-y,)}.cursor-pointer{cursor:pointer}.list-inside{list-style-position:inside}.list-decimal{list-style-type:decimal}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.flex-col{flex-direction:column}.flex-wrap{flex-wrap:wrap}.items-center{align-items:center}.justify-between{justify-content:space-between}.justify-center{justify-content:center}.gap-1\.5{gap:calc(var(--spacing) * 1.5)}.gap-2{gap:calc(var(--spacing) * 2)}.gap-2\.5{gap:calc(var(--spacing) * 2.5)}.gap-3{gap:calc(var(--spacing) * 3)}.gap-4{gap:calc(var(--spacing) * 4)}.gap-6{gap:calc(var(--spacing) * 6)}:where(.space-y-1>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 1) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 1) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-3>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 3) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 3) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-4>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 4) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 4) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-6>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 6) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 6) * calc(1 - var(--tw-space-y-reverse)))}.truncate{text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.overflow-x-auto{overflow-x:auto}.rounded{border-radius:.25rem}.rounded-lg{border-radius:var(--radius-lg)}.border{border-style:var(--tw-border-style);border-width:1px}.border-t{border-top-style:var(--tw-border-style);border-top-width:1px}.border-r{border-right-style:var(--tw-border-style);border-right-width:1px}.border-b{border-bottom-style:var(--tw-border-style);border-bottom-width:1px}.border-blue-500\/30{border-color:#3080ff4d}@supports (color:color-mix(in lab, red, red)){.border-blue-500\/30{border-color:color-mix(in oklab, var(--color-blue-500) 30%, transparent)}}.border-current{border-color:currentColor}.border-green-500\/30{border-color:#00c7584d}@supports (color:color-mix(in lab, red, red)){.border-green-500\/30{border-color:color-mix(in oklab, var(--color-green-500) 30%, transparent)}}.border-orange-500\/30{border-color:#fe6e004d}@supports (color:color-mix(in lab, red, red)){.border-orange-500\/30{border-color:color-mix(in oklab, var(--color-orange-500) 30%, transparent)}}.border-red-500\/30{border-color:#fb2c364d}@supports (color:color-mix(in lab, red, red)){.border-red-500\/30{border-color:color-mix(in oklab, var(--color-red-500) 30%, transparent)}}.border-slate-600{border-color:var(--color-slate-600)}.border-slate-700{border-color:var(--color-slate-700)}.border-transparent{border-color:#0000}.border-yellow-500\/20{border-color:#edb20033}@supports (color:color-mix(in lab, red, red)){.border-yellow-500\/20{border-color:color-mix(in oklab, var(--color-yellow-500) 20%, transparent)}}.border-yellow-500\/30{border-color:#edb2004d}@supports (color:color-mix(in lab, red, red)){.border-yellow-500\/30{border-color:color-mix(in oklab, var(--color-yellow-500) 30%, transparent)}}.bg-blue-500\/20{background-color:#3080ff33}@supports (color:color-mix(in lab, red, red)){.bg-blue-500\/20{background-color:color-mix(in oklab, var(--color-blue-500) 20%, transparent)}}.bg-green-500\/20{background-color:#00c75833}@supports (color:color-mix(in lab, red, red)){.bg-green-500\/20{background-color:color-mix(in oklab, var(--color-green-500) 20%, transparent)}}.bg-orange-500\/20{background-color:#fe6e0033}@supports (color:color-mix(in lab, red, red)){.bg-orange-500\/20{background-color:color-mix(in oklab, var(--color-orange-500) 20%, transparent)}}.bg-red-500\/20{background-color:#fb2c3633}@supports (color:color-mix(in lab, red, red)){.bg-red-500\/20{background-color:color-mix(in oklab, var(--color-red-500) 20%, transparent)}}.bg-slate-700{background-color:var(--color-slate-700)}.bg-slate-800{background-color:var(--color-slate-800)}.bg-slate-800\/30{background-color:#1d293d4d}@supports (color:color-mix(in lab, red, red)){.bg-slate-800\/30{background-color:color-mix(in oklab, var(--color-slate-800) 30%, transparent)}}.bg-slate-800\/50{background-color:#1d293d80}@supports (color:color-mix(in lab, red, red)){.bg-slate-800\/50{background-color:color-mix(in oklab, var(--color-slate-800) 50%, transparent)}}.bg-slate-800\/80{background-color:#1d293dcc}@supports (color:color-mix(in lab, red, red)){.bg-slate-800\/80{background-color:color-mix(in oklab, var(--color-slate-800) 80%, transparent)}}.bg-slate-900{background-color:var(--color-slate-900)}.bg-yellow-500\/5{background-color:#edb2000d}@supports (color:color-mix(in lab, red, red)){.bg-yellow-500\/5{background-color:color-mix(in oklab, var(--color-yellow-500) 5%, transparent)}}.bg-yellow-500\/20{background-color:#edb20033}@supports (color:color-mix(in lab, red, red)){.bg-yellow-500\/20{background-color:color-mix(in oklab, var(--color-yellow-500) 20%, transparent)}}.p-4{padding:calc(var(--spacing) * 4)}.p-5{padding:calc(var(--spacing) * 5)}.p-6{padding:calc(var(--spacing) * 6)}.p-8{padding:calc(var(--spacing) * 8)}.px-2{padding-inline:calc(var(--spacing) * 2)}.px-3{padding-inline:calc(var(--spacing) * 3)}.px-4{padding-inline:calc(var(--spacing) * 4)}.px-6{padding-inline:calc(var(--spacing) * 6)}.py-0\.5{padding-block:calc(var(--spacing) * .5)}.py-1{padding-block:calc(var(--spacing) * 1)}.py-1\.5{padding-block:calc(var(--spacing) * 1.5)}.py-2\.5{padding-block:calc(var(--spacing) * 2.5)}.py-3{padding-block:calc(var(--spacing) * 3)}.py-4{padding-block:calc(var(--spacing) * 4)}.py-8{padding-block:calc(var(--spacing) * 8)}.text-center{text-align:center}.text-left{text-align:left}.font-mono{font-family:var(--font-mono)}.text-2xl{font-size:var(--text-2xl);line-height:var(--tw-leading,var(--text-2xl--line-height))}.text-3xl{font-size:var(--text-3xl);line-height:var(--tw-leading,var(--text-3xl--line-height))}.text-lg{font-size:var(--text-lg);line-height:var(--tw-leading,var(--text-lg--line-height))}.text-sm{font-size:var(--text-sm);line-height:var(--tw-leading,var(--text-sm--line-height))}.text-xs{font-size:var(--text-xs);line-height:var(--tw-leading,var(--text-xs--line-height))}.leading-none{--tw-leading:1;line-height:1}.leading-tight{--tw-leading:var(--leading-tight);line-height:var(--leading-tight)}.font-bold{--tw-font-weight:var(--font-weight-bold);font-weight:var(--font-weight-bold)}.font-medium{--tw-font-weight:var(--font-weight-medium);font-weight:var(--font-weight-medium)}.font-semibold{--tw-font-weight:var(--font-weight-semibold);font-weight:var(--font-weight-semibold)}.whitespace-nowrap{white-space:nowrap}.text-blue-400{color:var(--color-blue-400)}.text-green-400{color:var(--color-green-400)}.text-orange-400{color:var(--color-orange-400)}.text-red-400{color:var(--color-red-400)}.text-slate-50{color:var(--color-slate-50)}.text-slate-100{color:var(--color-slate-100)}.text-slate-200{color:var(--color-slate-200)}.text-slate-300{color:var(--color-slate-300)}.text-slate-400{color:var(--color-slate-400)}.text-slate-500{color:var(--color-slate-500)}.text-slate-600{color:var(--color-slate-600)}.text-yellow-400{color:var(--color-yellow-400)}.text-yellow-400\/80{color:#fac800cc}@supports (color:color-mix(in lab, red, red)){.text-yellow-400\/80{color:color-mix(in oklab, var(--color-yellow-400) 80%, transparent)}}.text-yellow-500\/60{color:#edb20099}@supports (color:color-mix(in lab, red, red)){.text-yellow-500\/60{color:color-mix(in oklab, var(--color-yellow-500) 60%, transparent)}}.placeholder-slate-500::placeholder{color:var(--color-slate-500)}.filter{filter:var(--tw-blur,) var(--tw-brightness,) var(--tw-contrast,) var(--tw-grayscale,) var(--tw-hue-rotate,) var(--tw-invert,) var(--tw-saturate,) var(--tw-sepia,) var(--tw-drop-shadow,)}.transition{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to,opacity,box-shadow,transform,translate,scale,rotate,filter,-webkit-backdrop-filter,backdrop-filter,display,content-visibility,overlay,pointer-events;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.transition-colors{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.select-none{-webkit-user-select:none;user-select:none}@media (hover:hover){.hover\:border-slate-400:hover{border-color:var(--color-slate-400)}.hover\:border-slate-500:hover{border-color:var(--color-slate-500)}.hover\:bg-slate-700\/50:hover{background-color:#31415880}@supports (color:color-mix(in lab, red, red)){.hover\:bg-slate-700\/50:hover{background-color:color-mix(in oklab, var(--color-slate-700) 50%, transparent)}}.hover\:text-slate-200:hover{color:var(--color-slate-200)}}.focus\:border-blue-500:focus{border-color:var(--color-blue-500)}.focus\:outline-none:focus{--tw-outline-style:none;outline-style:none}.disabled\:cursor-not-allowed:disabled{cursor:not-allowed}.disabled\:opacity-40:disabled{opacity:.4}@media (width>=40rem){.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}}@media (width>=48rem){.md\:col-span-2{grid-column:span 2/span 2}.md\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}}@media (width>=64rem){.lg\:mt-0{margin-top:calc(var(--spacing) * 0)}.lg\:flex{display:flex}.lg\:hidden{display:none}.lg\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.lg\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.lg\:grid-cols-5{grid-template-columns:repeat(5,minmax(0,1fr))}}}body{color:#f8fafc;background-color:#0f172a;margin:0;font-family:Inter,system-ui,-apple-system,sans-serif}::-webkit-scrollbar{width:8px;height:8px}::-webkit-scrollbar-track{background:#1e293b}::-webkit-scrollbar-thumb{background:#475569;border-radius:4px}::-webkit-scrollbar-thumb:hover{background:#64748b}@property --tw-rotate-x{syntax:"";inherits:false}@property --tw-rotate-y{syntax:"";inherits:false}@property --tw-rotate-z{syntax:"";inherits:false}@property --tw-skew-x{syntax:"";inherits:false}@property --tw-skew-y{syntax:"";inherits:false}@property --tw-space-y-reverse{syntax:"";inherits:false;initial-value:0}@property --tw-border-style{syntax:"";inherits:false;initial-value:solid}@property --tw-leading{syntax:"";inherits:false}@property --tw-font-weight{syntax:"";inherits:false}@property --tw-blur{syntax:"";inherits:false}@property --tw-brightness{syntax:"";inherits:false}@property --tw-contrast{syntax:"";inherits:false}@property --tw-grayscale{syntax:"";inherits:false}@property --tw-hue-rotate{syntax:"";inherits:false}@property --tw-invert{syntax:"";inherits:false}@property --tw-opacity{syntax:"";inherits:false}@property --tw-saturate{syntax:"";inherits:false}@property --tw-sepia{syntax:"";inherits:false}@property --tw-drop-shadow{syntax:"";inherits:false}@property --tw-drop-shadow-color{syntax:"";inherits:false}@property --tw-drop-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-drop-shadow-size{syntax:"*";inherits:false}

package/dashboard/dist/index.html CHANGED Viewed

@@ -5,8 +5,8 @@
     <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>AWS Security Dashboard</title>
-    <script type="module" crossorigin src="/assets/index-AKJ_-GfD.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-UN8P_PO6.css">
+    <script type="module" crossorigin src="/assets/index-DsWFAp9v.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-BXloWmhE.css">
   </head>
   <body class="bg-slate-900 text-slate-50">
     <div id="root"></div>

package/dist/bin/aws-security-mcp.js CHANGED Viewed

@@ -237,7 +237,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { z } from "zod";
 // src/version.ts
-var VERSION = "0.7.0";
+var VERSION = "0.7.2";
 // src/utils/aws-client.ts
 import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts";
@@ -1245,7 +1245,7 @@ async function dnsResolves(hostname) {
 var DnsDanglingScanner = class {
   moduleName = "dns_dangling";
   async scan(ctx) {
-    const { region, partition, accountId } = ctx;
+    const { region, partition } = ctx;
     const startMs = Date.now();
     const findings = [];
     const warnings = [];
@@ -4012,6 +4012,39 @@ var zhI18n = {
       action: "\u5B89\u88C5 SSM Agent \u5E76\u914D\u7F6E Patch Manager"
     }
   },
+  // HW Defense HTML Report
+  hwReportTitle: "\u62A4\u7F51\u84DD\u961F\u5B89\u5168\u8BC4\u4F30\u62A5\u544A",
+  hwAutoCheck: "\u81EA\u52A8\u5316\u68C0\u67E5",
+  hwManualCheck: "\u4EBA\u5DE5\u786E\u8BA4\u4E8B\u9879",
+  hwNoAutoCheck: "\u6B64\u9879\u65E0\u81EA\u52A8\u5316\u68C0\u67E5",
+  hwClean: "\u672A\u53D1\u73B0\u95EE\u9898",
+  hwTotalFindings: "\u53D1\u73B0\u603B\u6570",
+  hwSectionsChecked: "\u68C0\u67E5\u5206\u7C7B",
+  hwAutoVerified: "\u81EA\u52A8\u9A8C\u8BC1",
+  hwManualPending: "\u4EBA\u5DE5\u5F85\u786E\u8BA4",
+  hwManualCount: (n) => `${n} \u9879\u4EBA\u5DE5\u786E\u8BA4`,
+  hwAffectedResources: (n) => `\u67E5\u770B\u53D7\u5F71\u54CD\u8D44\u6E90 (${n})`,
+  hwRemediation: "\u4FEE\u590D\u5EFA\u8BAE",
+  hwSectionNames: {
+    attack_surface: { name: "\u653B\u51FB\u9762\u6536\u655B", icon: "\u{1F3AF}" },
+    vulnerability_patch: { name: "\u6F0F\u6D1E\u4E0E\u8865\u4E01\u7BA1\u7406", icon: "\u{1FA79}" },
+    identity_credential: { name: "\u8EAB\u4EFD\u4E0E\u51ED\u8BC1\u5B89\u5168", icon: "\u{1F511}" },
+    transport_security: { name: "\u4F20\u8F93\u4E0E\u5B9E\u4F8B\u5B89\u5168", icon: "\u{1F512}" },
+    security_services: { name: "\u5B89\u5168\u670D\u52A1\u72B6\u6001", icon: "\u{1F6E1}\uFE0F" },
+    emergency_response: { name: "\u5E94\u6025\u54CD\u5E94\u51C6\u5907", icon: "\u{1F6A8}" },
+    environment_control: { name: "\u73AF\u5883\u5904\u7F6E", icon: "\u{1F3D7}\uFE0F" },
+    post_review: { name: "\u62A4\u7F51\u540E\u4F18\u5316", icon: "\u{1F4CA}" }
+  },
+  hwManualItems: {
+    attack_surface: ["\u7ED8\u5236\u51FA\u5165\u7AD9\u8DEF\u5F84\u67B6\u6784\u56FE\uFF0C\u6807\u6CE8\u6240\u6709\u4E92\u8054\u7F51/DX\u4E13\u7EBF\u51FA\u5165\u7AD9\u8DEF\u5F84"],
+    vulnerability_patch: ["\u8054\u7CFB\u5B89\u5168\u5382\u5546\u8FDB\u884C\u6A21\u62DF\u653B\u51FB\u6F14\u7EC3\uFF08\u6E17\u900F\u6D4B\u8BD5\uFF09", "\u5173\u6CE8 AWS \u5B89\u5168\u516C\u544A\uFF08\u5DF2\u77E5\u6F0F\u6D1E\u4E0E\u8865\u4E01\uFF09"],
+    identity_credential: ["\u6240\u6709 IAM \u7528\u6237\u7ED1\u5B9A MFA", "AKSK \u8F6E\u8F6C\u5468\u671F \u2264 90 \u5929", "\u907F\u514D\u5171\u4EAB\u8D26\u6237\u4F7F\u7528", "S3/Lambda/\u5E94\u7528\u4EE3\u7801\u4E2D\u65E0\u660E\u6587\u5BC6\u7801"],
+    transport_security: ["\u786E\u8BA4\u6240\u6709\u5BF9\u5916\u670D\u52A1\u4F7F\u7528 TLS 1.2+", "\u68C0\u67E5\u5185\u90E8\u670D\u52A1\u95F4\u901A\u4FE1\u662F\u5426\u52A0\u5BC6"],
+    security_services: ["\u786E\u8BA4 Security Hub \u5DF2\u5F00\u542F\u5E76\u914D\u7F6E\u6807\u51C6", "\u786E\u8BA4 GuardDuty \u5DF2\u5728\u6240\u6709\u533A\u57DF\u5F00\u542F", "\u786E\u8BA4 CloudTrail \u591A\u533A\u57DF\u65E5\u5FD7\u8BB0\u5F55\u5DF2\u5F00\u542F", "\u786E\u8BA4 Config Rules \u5DF2\u914D\u7F6E"],
+    emergency_response: ["\u51C6\u5907\u4E13\u7528\u9694\u79BB\u5B89\u5168\u7EC4\uFF08\u65E0 Inbound/Outbound \u89C4\u5219\uFF09", "\u5236\u5B9A\u5B9E\u4F8B\u9694\u79BB SOP\uFF1A\u544A\u8B66 \u2192 \u6392\u67E5 \u2192 \u5C01\u9501\u653B\u51FBIP \u2192 \u7F51\u7EDC\u9694\u79BB \u2192 \u5B89\u5168\u5904\u7F6E \u2192 \u8BB0\u5F55\u653B\u51FB\u9879", "\u7EC4\u5EFA 7\xD724 \u76D1\u63A7\u5FEB\u901F\u54CD\u5E94\u56E2\u961F", "\u521B\u5EFA\u62A4\u7F51\u671F\u95F4\u4E13\u7528\u6C9F\u901A\u6E20\u9053\uFF08\u4F01\u5FAE/\u9489\u9489/\u98DE\u4E66/Chime\uFF09", "\u4E0E AWS TAM \u5EFA\u7ACB WAR-ROOM \u8054\u7CFB\uFF08\u4F01\u4E1A\u7EA7\u652F\u6301\u5BA2\u6237\uFF09"],
+    environment_control: ["\u975E\u6838\u5FC3\u7CFB\u7EDF\u5728\u62A4\u7F51\u671F\u95F4\u5173\u95ED", "\u6D4B\u8BD5/\u5F00\u53D1\u73AF\u5883\u5173\u95ED\u6216\u4E0E\u751F\u4EA7\u4FDD\u6301\u540C\u7B49\u5B89\u5168\u57FA\u7EBF", "\u786E\u8BA4\u54EA\u4E9B\u73AF\u5883\u53EF\u4EE5\u7D27\u6025\u5173\u505C\uFF0C\u907F\u514D\u653B\u51FB\u6269\u6563"],
+    post_review: ["\u9488\u5BF9\u653B\u51FB\u62A5\u544A\u9010\u9879\u5E94\u7B54\u4E0E\u4FEE\u590D", "\u4E0E\u5B89\u5168\u56E2\u961F\u5EFA\u7ACB\u5468\u671F\u6027\u5B89\u5168\u7EF4\u62A4\u6D41\u7A0B", "\u6301\u7EED\u8865\u5168\u5B89\u5168\u98CE\u9669"]
+  },
   // HW Checklist (full composite)
   hwChecklist: `
 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
@@ -4288,6 +4321,39 @@ var enI18n = {
       action: "Install SSM Agent and configure Patch Manager"
     }
   },
+  // HW Defense HTML Report
+  hwReportTitle: "HW Defense Security Assessment Report",
+  hwAutoCheck: "Automated Checks",
+  hwManualCheck: "Manual Verification Items",
+  hwNoAutoCheck: "No automated checks for this section",
+  hwClean: "No issues found",
+  hwTotalFindings: "Total Findings",
+  hwSectionsChecked: "Sections Checked",
+  hwAutoVerified: "Auto-Verified",
+  hwManualPending: "Manual Pending",
+  hwManualCount: (n) => `${n} manual item${n === 1 ? "" : "s"}`,
+  hwAffectedResources: (n) => `View affected resources (${n})`,
+  hwRemediation: "Remediation",
+  hwSectionNames: {
+    attack_surface: { name: "Attack Surface Reduction", icon: "\u{1F3AF}" },
+    vulnerability_patch: { name: "Vulnerability & Patch Management", icon: "\u{1FA79}" },
+    identity_credential: { name: "Identity & Credential Security", icon: "\u{1F511}" },
+    transport_security: { name: "Transport & Instance Security", icon: "\u{1F512}" },
+    security_services: { name: "Security Service Status", icon: "\u{1F6E1}\uFE0F" },
+    emergency_response: { name: "Emergency Response Readiness", icon: "\u{1F6A8}" },
+    environment_control: { name: "Environment Control", icon: "\u{1F3D7}\uFE0F" },
+    post_review: { name: "Post-Drill Optimization", icon: "\u{1F4CA}" }
+  },
+  hwManualItems: {
+    attack_surface: ["Draw ingress/egress path architecture diagram, mark all Internet/DX dedicated line paths"],
+    vulnerability_patch: ["Contact security vendors for simulated attack drills (penetration testing)", "Monitor AWS security advisories (known vulnerabilities and patches)"],
+    identity_credential: ["All IAM users must have MFA enabled", "Access key rotation cycle \u2264 90 days", "Avoid shared account usage", "No plaintext passwords in S3/Lambda/application code"],
+    transport_security: ["Verify all external-facing services use TLS 1.2+", "Check internal service-to-service communication encryption"],
+    security_services: ["Verify Security Hub is enabled with standards configured", "Verify GuardDuty is enabled in all regions", "Verify CloudTrail multi-region logging is enabled", "Verify Config Rules are configured"],
+    emergency_response: ["Prepare dedicated isolation security groups (no Inbound/Outbound rules)", "Establish instance isolation SOP: Alert \u2192 Investigate \u2192 Block attacker IP \u2192 Network isolation \u2192 Security response \u2192 Log attack details", "Form 7\xD724 monitoring rapid response team", "Create dedicated communication channels for the drill period (Teams/Slack/Chime)", "Establish WAR-ROOM connection with AWS TAM (Enterprise Support customers)"],
+    environment_control: ["Shut down non-critical systems during the drill period", "Shut down test/dev environments or maintain same security baseline as production", "Confirm which environments can be emergency-stopped to prevent attack propagation"],
+    post_review: ["Address and remediate each item from the attack report", "Establish periodic security maintenance processes with the security team", "Continuously fill security risk gaps"]
+  },
   // HW Checklist (full composite)
   hwChecklist: `
 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
@@ -7262,11 +7328,24 @@ function generateMlps3Report(scanResults, lang) {
 function esc(s) {
   return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
+function safeUrl(url) {
+  try {
+    const u = new URL(url);
+    if (u.protocol === "https:" || u.protocol === "http:") return url;
+    return null;
+  } catch {
+    return null;
+  }
+}
 function escWithLinks(s) {
   const parts = s.split(/(https?:\/\/\S+)/);
   return parts.map((part, i) => {
     if (i % 2 === 1) {
-      return `<a href="${esc(part)}" style="color:#60a5fa" target="_blank" rel="noopener">${esc(part)}</a>`;
+      const safe = safeUrl(part);
+      if (safe) {
+        return `<a href="${esc(safe)}" style="color:#60a5fa" target="_blank" rel="noopener">${esc(part)}</a>`;
+      }
+      return esc(part);
     }
     return esc(part);
   }).join("");
@@ -7994,7 +8073,8 @@ ${rest}
     const renderRec = (r) => {
       const sev = r.severity.toLowerCase();
       const countLabel = r.count > 1 ? ` (&times; ${r.count})` : "";
-      const linkHtml = r.url ? ` <a href="${esc(r.url)}" style="color:#60a5fa" target="_blank" rel="noopener">&#128214;</a>` : "";
+      const safeLink = r.url ? safeUrl(r.url) : null;
+      const linkHtml = safeLink ? ` <a href="${esc(safeLink)}" style="color:#60a5fa" target="_blank" rel="noopener">&#128214;</a>` : "";
       return `<li><span class="badge badge-${esc(sev)}">${esc(r.severity)}</span> ${esc(r.text)}${countLabel}${linkHtml}</li>`;
     };
     const TOP_N = 10;
@@ -8153,7 +8233,6 @@ function generateMlps3HtmlReport(scanResults, history, lang) {
     </section>`;
   }
   const isEn = (lang ?? "zh") === "en";
-  const itemCat = (r) => isEn ? r.item.categoryEn : r.item.categoryCn;
   const itemControl = (r) => isEn ? r.item.controlEn : r.item.controlCn;
   const itemReq = (r) => isEn ? r.item.requirementEn : r.item.requirementCn;
   const categoryMap = /* @__PURE__ */ new Map();
@@ -8355,7 +8434,8 @@ ${itemsHtml}
       const renderMlpsRec = (r) => {
         const sev = r.severity.toLowerCase();
         const countLabel = r.count > 1 ? ` (&times; ${r.count})` : "";
-        const linkHtml = r.url ? ` <a href="${esc(r.url)}" style="color:#60a5fa" target="_blank" rel="noopener">&#128214;</a>` : "";
+        const safeLink = r.url ? safeUrl(r.url) : null;
+        const linkHtml = safeLink ? ` <a href="${esc(safeLink)}" style="color:#60a5fa" target="_blank" rel="noopener">&#128214;</a>` : "";
         return `<li><span class="badge badge-${esc(sev)}">${esc(r.severity)}</span> ${esc(r.text)}${countLabel}${linkHtml}</li>`;
       };
       const MLPS_TOP_N = 10;
@@ -8448,6 +8528,374 @@ ${naNote}
 </html>`;
 }
+// src/tools/hw-report.ts
+function esc2(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+function safeUrl2(url) {
+  try {
+    const u = new URL(url);
+    if (u.protocol === "https:" || u.protocol === "http:") return url;
+    return null;
+  } catch {
+    return null;
+  }
+}
+function escWithLinks2(s) {
+  const parts = s.split(/(https?:\/\/\S+)/);
+  return parts.map((part, i) => {
+    if (i % 2 === 1) {
+      const safe = safeUrl2(part);
+      if (safe) {
+        return `<a href="${esc2(safe)}" style="color:#60a5fa" target="_blank" rel="noopener">${esc2(part)}</a>`;
+      }
+      return esc2(part);
+    }
+    return esc2(part);
+  }).join("");
+}
+var SEVERITY_ORDER3 = ["CRITICAL", "HIGH", "MEDIUM", "LOW"];
+var HW_SECTIONS = [
+  {
+    id: "attack_surface",
+    autoModules: ["network_reachability", "dns_dangling", "public_access_verify", "waf_coverage"],
+    shKeywords: ["network", "public", "exposure", "port", "waf", "firewall", "vpc", "securitygroup"]
+  },
+  {
+    id: "vulnerability_patch",
+    autoModules: ["patch_compliance_findings"],
+    shKeywords: ["vulnerability", "patch", "cve", "inspector", "software"]
+  },
+  {
+    id: "identity_credential",
+    autoModules: ["iam_privilege_escalation", "secret_exposure"],
+    shKeywords: ["iam", "access", "privilege", "credential", "password", "mfa", "key rotation"]
+  },
+  {
+    id: "transport_security",
+    autoModules: ["ssl_certificate", "imdsv2_enforcement"],
+    shKeywords: ["ssl", "tls", "certificate", "imds", "metadata"]
+  },
+  {
+    id: "security_services",
+    autoModules: ["service_detection"],
+    shKeywords: []
+  },
+  {
+    id: "emergency_response",
+    autoModules: [],
+    shKeywords: []
+  },
+  {
+    id: "environment_control",
+    autoModules: [],
+    shKeywords: []
+  },
+  {
+    id: "post_review",
+    autoModules: [],
+    shKeywords: []
+  }
+];
+function hwCss() {
+  return `
+    *{margin:0;padding:0;box-sizing:border-box}
+    body{background:#0f172a;color:#f8fafc;font-family:Inter,system-ui,-apple-system,sans-serif;line-height:1.6;font-size:14px}
+    .container{max-width:900px;margin:0 auto;padding:40px 24px}
+    header{text-align:center;margin-bottom:40px;border-bottom:1px solid #334155;padding-bottom:24px}
+    header h1{font-size:28px;font-weight:700;margin-bottom:8px;letter-spacing:-0.5px}
+    .meta{color:#94a3b8;font-size:13px}
+    h2{font-size:20px;font-weight:600;margin:32px 0 16px;padding-bottom:8px;border-bottom:1px solid #334155}
+    h3{font-size:16px;font-weight:600;margin:16px 0 8px}
+    h4{font-size:14px;font-weight:600;margin:12px 0 4px}
+    .summary-cards{display:flex;gap:12px;flex-wrap:wrap;margin-bottom:32px;justify-content:center}
+    .summary-card{background:#1e293b;border:1px solid #334155;border-radius:8px;padding:16px 20px;text-align:center;min-width:100px;flex:1}
+    .summary-card .stat-count{font-size:28px;font-weight:700}
+    .summary-card .stat-label{font-size:12px;color:#94a3b8;margin-top:2px}
+    .badge{display:inline-block;padding:2px 10px;border-radius:4px;font-size:11px;font-weight:700;letter-spacing:0.5px;color:#fff}
+    .badge-critical{background:#ef4444}
+    .badge-high{background:#f97316}
+    .badge-medium{background:#eab308;color:#1e293b}
+    .badge-low{background:#22c55e;color:#1e293b}
+    .hw-section{background:#1e293b;border:1px solid #334155;border-radius:8px;margin-bottom:16px;overflow:hidden}
+    .hw-section>summary{cursor:pointer;padding:16px 20px;display:flex;align-items:center;gap:12px;list-style:none;font-size:16px;font-weight:600;user-select:none;flex-wrap:wrap}
+    .hw-section>summary::-webkit-details-marker{display:none}
+    .hw-section>summary::marker{content:""}
+    .hw-section>summary::after{content:"\\25B6";font-size:12px;color:#64748b;flex-shrink:0;transition:transform 0.2s;margin-left:auto}
+    .hw-section[open]>summary::after{transform:rotate(90deg)}
+    .hw-section[open]>summary{border-bottom:1px solid #334155}
+    .hw-section-body{padding:16px 20px}
+    .hw-section-icon{font-size:20px}
+    .hw-section-title{flex:1}
+    .hw-section-stats{display:inline-flex;gap:8px;font-size:12px;flex-wrap:wrap}
+    .hw-section-stats .badge{font-size:10px;padding:1px 8px}
+    .hw-auto-section{margin-bottom:16px}
+    .hw-auto-section h4{color:#60a5fa;margin-bottom:8px}
+    .hw-manual-section h4{color:#fbbf24;margin-bottom:8px}
+    .hw-clean{color:#22c55e;font-size:14px;padding:8px 12px;background:rgba(34,197,94,0.1);border-radius:6px}
+    .hw-no-auto{color:#94a3b8;font-size:14px;padding:8px 12px;background:rgba(148,163,184,0.08);border-radius:6px}
+    .hw-manual-item{display:flex;align-items:flex-start;gap:8px;padding:6px 12px;margin-bottom:4px;font-size:14px;color:#cbd5e1;border-radius:4px;background:rgba(148,163,184,0.06)}
+    .hw-manual-checkbox{color:#fbbf24;font-size:16px;flex-shrink:0}
+    .finding-card{display:flex;align-items:center;gap:8px;padding:8px 12px;margin-bottom:4px;border-radius:6px;border-left:4px solid #334155;background:rgba(30,41,59,0.5);flex-wrap:wrap}
+    .sev-critical{border-left-color:#ef4444}
+    .sev-high{border-left-color:#f97316}
+    .sev-medium{border-left-color:#eab308}
+    .sev-low{border-left-color:#22c55e}
+    .finding-title-text{font-weight:600;font-size:13px;flex:1;min-width:200px}
+    .finding-resource{color:#94a3b8;font-size:12px;max-width:300px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
+    .finding-card>details{width:100%;margin-top:4px}
+    .finding-card>details>summary{cursor:pointer;font-size:12px;color:#60a5fa;user-select:none}
+    .finding-card-body{padding:8px 0}
+    .finding-card-body p{color:#cbd5e1;font-size:13px;margin-bottom:4px}
+    .finding-card-body ol{padding-left:20px}
+    .finding-card-body li{color:#cbd5e1;font-size:13px;margin-bottom:2px}
+    .hw-finding-group{background:#1e293b;border:1px solid #334155;border-radius:8px;padding:12px 16px;margin-bottom:8px}
+    .hw-finding-header{display:flex;align-items:center;gap:8px}
+    .hw-finding-title{color:#e2e8f0;font-size:14px;flex:1}
+    .hw-finding-count{color:#94a3b8;font-size:13px;font-weight:600;background:#334155;padding:2px 8px;border-radius:4px}
+    .hw-finding-resources{padding:8px 0}
+    .hw-resource-item{font-size:12px;color:#94a3b8;padding:2px 0;font-family:monospace}
+    .hw-finding-remediation{border-top:1px solid #334155;margin-top:8px;padding-top:8px}
+    .hw-finding-remediation ol{margin:4px 0;padding-left:20px;font-size:13px;color:#cbd5e1}
+    footer{margin-top:48px;padding-top:24px;border-top:1px solid #334155;text-align:center}
+    footer p{color:#64748b;font-size:12px;margin-bottom:4px}
+    @media print{
+      body{background:#fff;color:#1e293b;-webkit-print-color-adjust:exact;print-color-adjust:exact}
+      .container{max-width:100%;padding:20px}
+      .hw-section,.summary-card,.finding-card{background:#fff;border:1px solid #e2e8f0}
+      .badge{border:1px solid}
+      header{border-bottom-color:#e2e8f0}
+      h2{border-bottom-color:#e2e8f0}
+      footer{border-top-color:#e2e8f0}
+      .summary-card .stat-label{color:#64748b}
+      .finding-title-text{color:#1e293b}
+      .finding-resource{color:#64748b}
+      .finding-card-body p,.finding-card-body li{color:#475569}
+      .hw-section[open]>summary{border-bottom-color:#e2e8f0}
+      .hw-manual-item{color:#475569}
+      details{display:block}
+      details>summary{display:block}
+      details>:not(summary){display:block !important}
+    }
+  `;
+}
+function generateHwDefenseHtmlReport(scanResults, lang) {
+  const t = getI18n(lang ?? "zh");
+  const htmlLang = (lang ?? "zh") === "zh" ? "zh-CN" : "en";
+  const { accountId, region, scanStart } = scanResults;
+  const date = scanStart.split("T")[0];
+  const scanTime = scanStart.replace("T", " ").replace(/\.\d+Z$/, " UTC");
+  const moduleMap = /* @__PURE__ */ new Map();
+  for (const mod of scanResults.modules) {
+    const findings = mod.findings.map((f) => ({ ...f, module: f.module ?? mod.module }));
+    moduleMap.set(mod.module, findings);
+  }
+  const assignedShFindings = /* @__PURE__ */ new Set();
+  function shFindingKey(f) {
+    return `${f.title}|${f.resourceId}|${f.resourceArn}`;
+  }
+  const sectionResults = [];
+  for (const section of HW_SECTIONS) {
+    const findings = [];
+    for (const mod of section.autoModules) {
+      if (mod === "security_hub_findings") continue;
+      const modFindings = moduleMap.get(mod) ?? [];
+      findings.push(...modFindings);
+    }
+    if (section.shKeywords.length > 0) {
+      const shFindings = moduleMap.get("security_hub_findings") ?? [];
+      for (const f of shFindings) {
+        const key = shFindingKey(f);
+        if (assignedShFindings.has(key)) continue;
+        const searchText = `${f.title} ${f.description} ${f.impact}`.toLowerCase();
+        if (section.shKeywords.some((kw) => searchText.includes(kw))) {
+          findings.push(f);
+          assignedShFindings.add(key);
+        }
+      }
+    }
+    const hasAutoModules = section.autoModules.length > 0 || section.shKeywords.length > 0;
+    const hasAutoResults = hasAutoModules && (section.autoModules.some((m) => moduleMap.has(m)) || section.shKeywords.length > 0 && moduleMap.has("security_hub_findings"));
+    const manualItems = t.hwManualItems[section.id] ?? [];
+    sectionResults.push({
+      id: section.id,
+      findings,
+      manualItems,
+      hasAutoModules,
+      hasAutoResults
+    });
+  }
+  const totalFindings = sectionResults.reduce((sum, s) => sum + s.findings.length, 0);
+  const sectionsChecked = sectionResults.filter((s) => s.hasAutoResults || s.manualItems.length > 0).length;
+  const autoVerified = sectionResults.filter((s) => s.hasAutoResults).length;
+  const totalManualItems = sectionResults.reduce((sum, s) => sum + s.manualItems.length, 0);
+  function groupFindings(findings) {
+    const groups = /* @__PURE__ */ new Map();
+    const groupTitles = /* @__PURE__ */ new Map();
+    for (const f of findings) {
+      const cveMatch = f.title.match(/CVE-\d{4}-\d+/i);
+      if (cveMatch) {
+        const key2 = `cve:${cveMatch[0].toUpperCase()}`;
+        if (!groups.has(key2)) {
+          groups.set(key2, []);
+          groupTitles.set(key2, f.title);
+        }
+        groups.get(key2).push(f);
+        continue;
+      }
+      const controlMatch = f.title.match(/[A-Z]+\.\d+/);
+      if (controlMatch) {
+        const key2 = `ctrl:${controlMatch[0]}`;
+        if (!groups.has(key2)) {
+          groups.set(key2, []);
+          groupTitles.set(key2, f.title);
+        }
+        groups.get(key2).push(f);
+        continue;
+      }
+      const key = `title:${f.title}`;
+      if (!groups.has(key)) {
+        groups.set(key, []);
+        groupTitles.set(key, f.title);
+      }
+      groups.get(key).push(f);
+    }
+    const result = [];
+    for (const [key, gFindings] of groups) {
+      let highestSeverity = "LOW";
+      for (const f of gFindings) {
+        if (SEVERITY_ORDER3.indexOf(f.severity) < SEVERITY_ORDER3.indexOf(highestSeverity)) {
+          highestSeverity = f.severity;
+        }
+      }
+      result.push({ title: groupTitles.get(key), findings: gFindings, highestSeverity });
+    }
+    return result;
+  }
+  const renderGroup = (group) => {
+    const sev = group.highestSeverity.toLowerCase();
+    const count = group.findings.length;
+    const first = group.findings[0];
+    const resourceItems = group.findings.map((f) => `<div class="hw-resource-item">${esc2(f.resourceId)} &mdash; ${esc2(f.resourceArn)}</div>`).join("\n");
+    const remediationSteps = first.remediationSteps.map((s) => `<li>${escWithLinks2(s)}</li>`).join("");
+    return `<div class="hw-finding-group">
+  <div class="hw-finding-header">
+    <span class="badge badge-${esc2(sev)}">${esc2(group.highestSeverity)}</span>
+    <span class="hw-finding-title">${esc2(group.title)}</span>
+    <span class="hw-finding-count">&times;${count}</span>
+  </div>
+  <details>
+    <summary>${t.hwAffectedResources(count)}</summary>
+    <div class="hw-finding-resources">
+      ${resourceItems}
+    </div>
+    <div class="hw-finding-remediation">
+      <strong>${esc2(t.hwRemediation)}:</strong>
+      <ol>${remediationSteps}</ol>
+    </div>
+  </details>
+</div>`;
+  };
+  const sectionsHtml = sectionResults.map((section) => {
+    const meta = t.hwSectionNames[section.id];
+    if (!meta) return "";
+    const sectionName = meta.name;
+    const sectionIcon = meta.icon ?? "";
+    const statBadges = [];
+    if (section.findings.length > 0) {
+      const sevCounts = {};
+      for (const f of section.findings) {
+        sevCounts[f.severity] = (sevCounts[f.severity] ?? 0) + 1;
+      }
+      for (const sev of SEVERITY_ORDER3) {
+        if (sevCounts[sev]) {
+          statBadges.push(
+            `<span class="badge badge-${sev.toLowerCase()}">${sevCounts[sev]} ${sev}</span>`
+          );
+        }
+      }
+    } else if (section.hasAutoResults) {
+      statBadges.push(`<span style="color:#22c55e;font-size:12px">&#10003; ${esc2(t.hwClean)}</span>`);
+    }
+    if (section.manualItems.length > 0) {
+      statBadges.push(`<span style="color:#fbbf24;font-size:12px">&#9744; ${esc2(t.hwManualCount(section.manualItems.length))}</span>`);
+    }
+    let autoHtml;
+    if (!section.hasAutoModules) {
+      autoHtml = `<div class="hw-no-auto">&#9898; ${esc2(t.hwNoAutoCheck)}</div>`;
+    } else if (!section.hasAutoResults) {
+      autoHtml = `<div class="hw-no-auto">&#9898; ${esc2(t.hwNoAutoCheck)}</div>`;
+    } else if (section.findings.length === 0) {
+      autoHtml = `<div class="hw-clean">&#10004; ${esc2(t.hwClean)}</div>`;
+    } else {
+      const sorted = [...section.findings].sort((a, b) => {
+        const sevDiff = SEVERITY_ORDER3.indexOf(a.severity) - SEVERITY_ORDER3.indexOf(b.severity);
+        if (sevDiff !== 0) return sevDiff;
+        return b.riskScore - a.riskScore;
+      });
+      const groups = groupFindings(sorted);
+      autoHtml = groups.map(renderGroup).join("\n");
+    }
+    let manualHtml = "";
+    if (section.manualItems.length > 0) {
+      const items = section.manualItems.map((item) => `<div class="hw-manual-item"><span class="hw-manual-checkbox">&#9633;</span>${esc2(item)}</div>`).join("\n");
+      manualHtml = `
+        <div class="hw-manual-section">
+          <h4>&#128203; ${esc2(t.hwManualCheck)}</h4>
+          ${items}
+        </div>`;
+    }
+    return `<details class="hw-section">
+  <summary>
+    <span class="hw-section-icon">${esc2(sectionIcon)}</span>
+    <span class="hw-section-title">${esc2(sectionName)}</span>
+    <span class="hw-section-stats">${statBadges.join(" ")}</span>
+  </summary>
+  <div class="hw-section-body">
+    <div class="hw-auto-section">
+      <h4>&#129302; ${esc2(t.hwAutoCheck)}</h4>
+      ${autoHtml}
+    </div>
+    ${manualHtml}
+  </div>
+</details>`;
+  }).filter(Boolean).join("\n");
+  const findingsColor = totalFindings === 0 ? "#22c55e" : totalFindings <= 5 ? "#eab308" : "#ef4444";
+  return `<!DOCTYPE html>
+<html lang="${htmlLang}">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title>${esc2(t.hwReportTitle)} &mdash; ${esc2(date)}</title>
+<style>${hwCss()}</style>
+</head>
+<body>
+<div class="container">
+<header>
+  <h1>&#128737;&#65039; ${esc2(t.hwReportTitle)}</h1>
+  <div class="meta">${esc2(t.account)}: ${esc2(accountId)} | ${esc2(t.region)}: ${esc2(region)} | ${esc2(t.scanTime)}: ${esc2(scanTime)}</div>
+</header>
+<section class="summary-cards">
+  <div class="summary-card"><div class="stat-count" style="color:${findingsColor}">${totalFindings}</div><div class="stat-label">${esc2(t.hwTotalFindings)}</div></div>
+  <div class="summary-card"><div class="stat-count" style="color:#60a5fa">${sectionsChecked}</div><div class="stat-label">${esc2(t.hwSectionsChecked)}</div></div>
+  <div class="summary-card"><div class="stat-count" style="color:#22c55e">${autoVerified}</div><div class="stat-label">${esc2(t.hwAutoVerified)}</div></div>
+  <div class="summary-card"><div class="stat-count" style="color:#fbbf24">${totalManualItems}</div><div class="stat-label">${esc2(t.hwManualPending)}</div></div>
+</section>
+${sectionsHtml}
+<footer>
+  <p>${esc2(t.generatedBy)} v${VERSION}</p>
+</footer>
+</div>
+</body>
+</html>`;
+}
 // src/tools/save-results.ts
 import { writeFileSync, readFileSync, mkdirSync, existsSync } from "fs";
 import { join } from "path";
@@ -8518,7 +8966,7 @@ function saveResults(scanResults, outputDir) {
 }
 // src/tools/scan-groups.ts
-var SEVERITY_ORDER3 = {
+var SEVERITY_ORDER4 = {
   LOW: 0,
   MEDIUM: 1,
   HIGH: 2,
@@ -8527,8 +8975,8 @@ var SEVERITY_ORDER3 = {
 function applyFindingsFilter(moduleName, findings, filter) {
   let result = findings;
   if (filter.minSeverity) {
-    const minLevel = SEVERITY_ORDER3[filter.minSeverity.toUpperCase()] ?? 0;
-    result = result.filter((f) => (SEVERITY_ORDER3[f.severity] ?? 0) >= minLevel);
+    const minLevel = SEVERITY_ORDER4[filter.minSeverity.toUpperCase()] ?? 0;
+    result = result.filter((f) => (SEVERITY_ORDER4[f.severity] ?? 0) >= minLevel);
   }
   if (moduleName === "security_hub_findings" && filter.securityHubCategories?.length) {
     const keywords = filter.securityHubCategories;
@@ -8562,10 +9010,10 @@ var SCAN_GROUPS = {
   },
   hw_defense: {
     name: "\u62A4\u7F51\u84DD\u961F\u52A0\u56FA",
-    description: "\u62A4\u7F51\u524D\u5B89\u5168\u81EA\u67E5 \u2014 \u653B\u51FB\u9762+\u5F31\u70B9\u8BC4\u4F30",
-    modules: ["service_detection", "secret_exposure", "network_reachability", "dns_dangling", "ssl_certificate", "iam_privilege_escalation", "security_hub_findings", "guardduty_findings", "inspector_findings", "config_rules_findings", "access_analyzer_findings", "patch_compliance_findings", "imdsv2_enforcement", "waf_coverage"],
+    description: "\u62A4\u7F51\u524D\u5B89\u5168\u81EA\u67E5 \u2014 \u653B\u51FB\u8005\u89C6\u89D2\u7684\u653B\u51FB\u9762+\u5F31\u70B9\u8BC4\u4F30",
+    modules: ["service_detection", "network_reachability", "dns_dangling", "public_access_verify", "ssl_certificate", "waf_coverage", "imdsv2_enforcement", "secret_exposure", "iam_privilege_escalation", "patch_compliance_findings", "security_hub_findings"],
     findingsFilter: {
-      guardDutyTypes: ["Backdoor", "Trojan", "PenTest", "CryptoCurrency"],
+      securityHubCategories: ["network", "public", "exposure", "port", "WAF", "vulnerability", "patch", "IAM", "iam", "access", "privilege", "secret", "credential", "password", "IMDS", "firewall", "VPC", "vpc", "SecurityGroup", "securitygroup", "CVE", "cve", "Inspector", "inspector", "software", "MFA", "mfa", "key rotation", "SSL", "ssl", "TLS", "tls", "certificate", "metadata", "CloudTrail", "cloudtrail", "logging", "audit", "encryption"],
       minSeverity: "MEDIUM"
     }
   },
@@ -9087,6 +9535,7 @@ function createServer(defaultRegion) {
           const summaryContent = content[0];
           if (summaryContent && summaryContent.type === "text") {
             summaryContent.text += "\n\n" + getHwDefenseChecklist(lang ?? "zh");
+            summaryContent.text += "\n\n\u{1F4A1} Tip: Call generate_hw_defense_report with these scan results to get a dedicated HTML report organized by HW Defense SOP checklist categories.";
           }
         }
         return { content };
@@ -9185,6 +9634,23 @@ function createServer(defaultRegion) {
       }
     }
   );
+  server.tool(
+    "generate_hw_defense_report",
+    "Generate an HTML report organized by HW Defense (\u62A4\u7F51) SOP checklist categories. Save as .html file.",
+    {
+      scan_results: z.string().describe("JSON string of FullScanResult from scan_group hw_defense or scan_all"),
+      lang: z.enum(["zh", "en"]).optional().describe("Report language (default: zh)")
+    },
+    async ({ scan_results, lang }) => {
+      try {
+        const parsed = JSON.parse(scan_results);
+        const report = generateHwDefenseHtmlReport(parsed, lang ?? "zh");
+        return { content: [{ type: "text", text: report }] };
+      } catch (err) {
+        return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }], isError: true };
+      }
+    }
+  );
   server.tool(
     "generate_maturity_report",
     "Generate a security maturity assessment report from scan_all results. Requires service_detection module output. Read-only.",