mohuclaw 1.0.1 → 2.0.1

package/README.md

@@ -13,6 +13,8 @@ OpenClaw 安全审计工具，支持终端和 Web 双界面交互式安全分析
 - **自动修复**：一键修复检测到的安全问题
 - **IOC 威胁情报**：内置恶意 IP/域名检测
 - **多语言支持**：中文 / 英文界面切换
+- **报告导出**：支持 JSON / HTML / TXT 格式
+- **REST API**：支持第三方系统集成
 
 ## 安装
 
@@ -45,6 +47,95 @@ mohuclaw-tui
 | `f` | 执行修复 |
 | `Esc` | 退出选择 |
 
+## 报告导出
+
+扫描完成后，点击 **导出报告** 按钮可导出：
+
+- **JSON** - 结构化数据，适合程序处理
+- **HTML** - 可打印的报告，适合人工阅读
+- **TXT** - 纯文本格式，适合日志归档
+
+## REST API
+
+### 创建 API Key
+
+```bash
+curl -X POST http://localhost:12340/api/auth/keys \
+  -H "Content-Type: application/json" \
+  -d '{"name":"my-app"}'
+```
+
+### 启动扫描
+
+```bash
+curl -X POST http://localhost:12340/api/scan/run \
+  -H "X-API-Key: YOUR_KEY"
+```
+
+### 获取扫描结果
+
+```bash
+curl http://localhost:12340/api/scan/TASK_ID \
+  -H "X-API-Key: YOUR_KEY"
+```
+
+### 导出报告
+
+```bash
+# JSON 格式
+curl http://localhost:12340/api/export/json/TASK_ID \
+  -H "X-API-Key: YOUR_KEY" \
+  -o report.json
+
+# HTML 格式
+curl http://localhost:12340/api/export/html/TASK_ID \
+  -H "X-API-Key: YOUR_KEY" \
+  -o report.html
+```
+
+### API 文档
+
+访问 http://localhost:12340/api/docs 查看完整 API 文档。
+
+### 主要端点
+
+| 端点 | 方法 | 说明 |
+|------|------|------|
+| `/api/health` | GET | 健康检查 |
+| `/api/auth/keys` | POST | 创建 API Key |
+| `/api/auth/keys` | GET | 列出所有 Key |
+| `/api/auth/keys/:key` | DELETE | 删除 Key |
+| `/api/scan/run` | POST | 启动扫描 |
+| `/api/scan/:taskId` | GET | 获取扫描结果 |
+| `/api/scan/:taskId/cancel` | POST | 取消扫描 |
+| `/api/scan/latest` | GET | 获取最新结果 |
+| `/api/scan/history` | GET | 获取扫描历史 |
+| `/api/export/json/:taskId` | GET | 导出 JSON 报告 |
+| `/api/export/html/:taskId` | GET | 导出 HTML 报告 |
+| `/api/export/txt/:taskId` | GET | 导出文本报告 |
+
+### 第三方集成示例
+
+**Python 示例：**
+
+```python
+import requests
+
+API_URL = "http://localhost:12340"
+API_KEY = "mohu_xxx_yyy"
+
+headers = {"X-API-Key": API_KEY}
+
+# 启动扫描
+resp = requests.post(f"{API_URL}/api/scan/run", headers=headers)
+task_id = resp.json()["taskId"]
+
+# 获取结果
+result = requests.get(f"{API_URL}/api/scan/{task_id}", headers=headers).json()
+print(f"状态: {result['status']}")
+print(f"严重问题: {result['summary']['critical']}")
+```
+
 ## 配置
 
 ```bash

package/dist/webui/index.html

@@ -100,7 +100,11 @@
           removeSelected: '移除选中',
           removing: '正在移除',
           applyFix: '执行自动修复',
-          applying: '正在修复...'
+          applying: '正在修复...',
+          export: '导出报告',
+          exportJSON: 'JSON',
+          exportHTML: 'HTML',
+          exportTXT: 'TXT'
         },
         tabs: {
           overview: '概览',
@@ -183,7 +187,11 @@
           removeSelected: 'Remove Selected',
           removing: 'Removing',
           applyFix: 'Apply Auto-Fix',
-          applying: 'Applying...'
+          applying: 'Applying...',
+          export: 'Export',
+          exportJSON: 'JSON Report',
+          exportHTML: 'HTML Report',
+          exportTXT: 'Text Report'
         },
         tabs: {
           overview: 'Overview',
@@ -882,7 +890,7 @@
       }, [isScanning]);
       
       return (
-        <div className="glass rounded-xl p-4 h-[600px] overflow-y-auto bg-gray-900/50">
+        <div className="glass rounded-xl p-4 h-[600px] overflow-y-auto bg-gray-900/50 overflow-visible">
           {logs.length === 0 ? (
             <div className="text-center py-12">
               <DocumentTextIcon />
@@ -987,6 +995,7 @@
       const [isSettingsOpen, setIsSettingsOpen] = useState(false);
       const [openclawHome, setOpenclawHome] = useState('');
       const [language, setLanguage] = useState('zh');
+      const [showExportMenu, setShowExportMenu] = useState(false);
       const eventSourceRef = useRef(null);
       
       const t = translations[language];
@@ -1024,6 +1033,16 @@
         setOpenclawHome(value);
       };
       
+      const exportReport = (format) => {
+        if (!currentTaskId) {
+          alert(language === 'zh' ? '没有可导出的扫描结果' : 'No scan result to export');
+          return;
+        }
+        
+        const url = `/api/export/${format}/${currentTaskId}`;
+        window.open(url, '_blank');
+      };
+      
       const connectToSSE = useCallback((taskId) => {
         if (eventSourceRef.current) {
           eventSourceRef.current.close();
@@ -1066,7 +1085,8 @@
           setResult(data);
           setStatus(data.status);
           setIsScanning(false);
-          setCurrentTaskId(null);
+          // Keep taskId for export functionality
+          // setCurrentTaskId(null);
           
           // Update history
           setHistory(prev => [{
@@ -1229,6 +1249,22 @@
                   {t.buttons.settings}
                 </button>
                 
+                {/* Export Button */}
+                {result && (
+                  <button
+                    onClick={() => setShowExportMenu(!showExportMenu)}
+                    className="flex items-center gap-2 px-4 py-2 bg-green-600 hover:bg-green-700 text-white rounded text-sm transition-colors"
+                  >
+                    <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 10v6m0 0l-3-3m3 3l3-3m2 8H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z" />
+                    </svg>
+                    {t.buttons.export}
+                    <svg className="w-3 h-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M19 9l-7 7-7-7" />
+                    </svg>
+                  </button>
+                )}
+                
                 {isScanning ? (
                   <button
                     onClick={cancelScan}
@@ -1250,6 +1286,39 @@
             </div>
           </header>
           
+          {/* Export Menu - Fixed Position */}
+          {showExportMenu && (
+            <>
+              <div 
+                className="fixed inset-0 z-[998]"
+                onClick={() => setShowExportMenu(false)}
+              />
+              <div className="fixed z-[999] bg-gray-800 rounded-lg shadow-2xl border border-gray-600" style={{ top: '70px', right: '200px' }}>
+                <button
+                  onClick={() => { exportReport('json'); setShowExportMenu(false); }}
+                  className="w-full px-4 py-2.5 text-left text-sm text-white hover:bg-gray-700 rounded-t-lg flex items-center gap-3"
+                >
+                  <span className="w-6 h-6 flex items-center justify-center bg-blue-500/20 rounded text-blue-400 text-xs font-mono">JSON</span>
+                  {t.buttons.exportJSON}
+                </button>
+                <button
+                  onClick={() => { exportReport('html'); setShowExportMenu(false); }}
+                  className="w-full px-4 py-2.5 text-left text-sm text-white hover:bg-gray-700 flex items-center gap-3"
+                >
+                  <span className="w-6 h-6 flex items-center justify-center bg-green-500/20 rounded text-green-400 text-xs font-mono">HTML</span>
+                  {t.buttons.exportHTML}
+                </button>
+                <button
+                  onClick={() => { exportReport('txt'); setShowExportMenu(false); }}
+                  className="w-full px-4 py-2.5 text-left text-sm text-white hover:bg-gray-700 rounded-b-lg flex items-center gap-3"
+                >
+                  <span className="w-6 h-6 flex items-center justify-center bg-yellow-500/20 rounded text-yellow-400 text-xs font-mono">TXT</span>
+                  {t.buttons.exportTXT}
+                </button>
+              </div>
+            </>
+          )}
+          
           {/* Progress Bar */}
           {isScanning && (
             <div className="max-w-7xl mx-auto mb-6">

package/dist/webui/server.js

@@ -46,6 +46,79 @@ const scanTasks = new Map();
 const scanResults = new Map();
 let currentScanTaskId = null;
 
+// API Keys storage (in production, use a database)
+const API_KEYS_FILE = path.join(PACKAGE_DIR, '.api_keys.json');
+let apiKeys = new Map();
+
+function loadApiKeys() {
+  try {
+    if (fs.existsSync(API_KEYS_FILE)) {
+      const data = fs.readFileSync(API_KEYS_FILE, 'utf8');
+      const keys = JSON.parse(data);
+      apiKeys = new Map(Object.entries(keys));
+    }
+  } catch (error) {
+    console.error('Error loading API keys:', error);
+  }
+}
+
+function saveApiKeys() {
+  try {
+    const obj = Object.fromEntries(apiKeys);
+    fs.writeFileSync(API_KEYS_FILE, JSON.stringify(obj, null, 2), 'utf8');
+  } catch (error) {
+    console.error('Error saving API keys:', error);
+  }
+}
+
+function generateApiKey() {
+  return `mohu_${Date.now().toString(36)}_${Math.random().toString(36).substring(2, 15)}`;
+}
+
+// Initialize API keys on startup
+loadApiKeys();
+
+// API Key authentication middleware
+function apiKeyAuth(req, res, next) {
+  // Skip auth for web UI and public endpoints
+  const publicPaths = ['/', '/index.html', '/api/health', '/api/docs', '/api/auth/login'];
+  if (publicPaths.includes(req.path) || req.path.startsWith('/api/auth/')) {
+    return next();
+  }
+  
+  // Check for API key in header or query
+  const apiKey = req.headers['x-api-key'] || req.query.apiKey;
+  
+  if (!apiKey) {
+    return res.status(401).json({ 
+      error: 'API key required',
+      message: 'Provide X-API-Key header or apiKey query parameter'
+    });
+  }
+  
+  const keyData = apiKeys.get(apiKey);
+  if (!keyData) {
+    return res.status(401).json({ error: 'Invalid API key' });
+  }
+  
+  // Update last used
+  keyData.lastUsed = new Date().toISOString();
+  saveApiKeys();
+  
+  req.apiKey = keyData;
+  next();
+}
+
+// Apply API key auth to /api routes (except public ones)
+app.use('/api', (req, res, next) => {
+  // Allow web UI to access without API key (localhost only)
+  const isLocalhost = req.ip === '::1' || req.ip === '127.0.0.1' || req.hostname === 'localhost';
+  if (isLocalhost && !req.headers['x-api-key'] && !req.query.apiKey) {
+    return next();
+  }
+  return apiKeyAuth(req, res, next);
+});
+
 // Settings storage functions
 function loadSettings() {
   try {
@@ -87,6 +160,153 @@ app.use((req, res, next) => {
   next();
 });
 
+// ==================== API Documentation ====================
+app.get('/api/docs', (req, res) => {
+  res.json({
+    name: 'MohuClaw API',
+    version: '1.0.1',
+    description: 'REST API for MohuClaw Security Scanner',
+    authentication: {
+      type: 'API Key',
+      header: 'X-API-Key',
+      query: 'apiKey',
+      description: 'Include API key in X-API-Key header or apiKey query parameter'
+    },
+    endpoints: {
+      'GET /api/health': {
+        description: 'Health check',
+        auth: false
+      },
+      'POST /api/auth/keys': {
+        description: 'Create new API key',
+        auth: false,
+        body: { name: 'string (optional)' }
+      },
+      'GET /api/auth/keys': {
+        description: 'List all API keys',
+        auth: true
+      },
+      'DELETE /api/auth/keys/:key': {
+        description: 'Delete an API key',
+        auth: true
+      },
+      'POST /api/scan/run': {
+        description: 'Start a security scan',
+        auth: true,
+        returns: { taskId: 'string' }
+      },
+      'GET /api/scan/sse': {
+        description: 'SSE stream for scan progress',
+        auth: true,
+        query: { taskId: 'string' }
+      },
+      'GET /api/scan/:taskId': {
+        description: 'Get scan result by task ID',
+        auth: true
+      },
+      'POST /api/scan/:taskId/cancel': {
+        description: 'Cancel a running scan',
+        auth: true
+      },
+      'GET /api/scan/latest': {
+        description: 'Get latest scan result',
+        auth: true
+      },
+      'GET /api/scan/history': {
+        description: 'Get scan history',
+        auth: true
+      },
+      'GET /api/export/json/:taskId': {
+        description: 'Export scan result as JSON',
+        auth: true
+      },
+      'GET /api/export/html/:taskId': {
+        description: 'Export scan result as HTML',
+        auth: true
+      },
+      'GET /api/export/txt/:taskId': {
+        description: 'Export scan result as plain text',
+        auth: true
+      },
+      'GET /api/settings/openclaw_home': {
+        description: 'Get OPENCLAW_HOME setting',
+        auth: true
+      },
+      'POST /api/settings/openclaw_home': {
+        description: 'Set OPENCLAW_HOME setting',
+        auth: true,
+        body: { value: 'string' }
+      }
+    },
+    examples: {
+      createApiKey: `curl -X POST http://localhost:12340/api/auth/keys -H "Content-Type: application/json" -d '{"name":"my-app"}'`,
+      startScan: `curl -X POST http://localhost:12340/api/scan/run -H "X-API-Key: YOUR_KEY"`,
+      getResult: `curl http://localhost:12340/api/scan/TASK_ID -H "X-API-Key: YOUR_KEY"`,
+      exportReport: `curl http://localhost:12340/api/export/json/TASK_ID -H "X-API-Key: YOUR_KEY" -o report.json`
+    }
+  });
+});
+
+// Health check endpoint
+app.get('/api/health', (req, res) => {
+  res.json({
+    status: 'ok',
+    timestamp: new Date().toISOString(),
+    version: '1.0.1',
+    uptime: process.uptime()
+  });
+});
+
+// ==================== API Key Management ====================
+app.post('/api/auth/keys', (req, res) => {
+  const { name = 'default' } = req.body;
+  const key = generateApiKey();
+  
+  apiKeys.set(key, {
+    name,
+    createdAt: new Date().toISOString(),
+    lastUsed: null
+  });
+  saveApiKeys();
+  
+  res.status(201).json({
+    key,
+    name,
+    message: 'API key created. Store it securely - it cannot be retrieved again.'
+  });
+});
+
+app.get('/api/auth/keys', (req, res) => {
+  const keys = Array.from(apiKeys.entries()).map(([key, data]) => ({
+    key: key.substring(0, 10) + '...', // Masked
+    name: data.name,
+    createdAt: data.createdAt,
+    lastUsed: data.lastUsed
+  }));
+  res.json({ keys });
+});
+
+app.delete('/api/auth/keys/:key', (req, res) => {
+  const { key } = req.params;
+  
+  // Find key by prefix match
+  let foundKey = null;
+  for (const k of apiKeys.keys()) {
+    if (k.startsWith(key)) {
+      foundKey = k;
+      break;
+    }
+  }
+  
+  if (!foundKey) {
+    return res.status(404).json({ error: 'API key not found' });
+  }
+  
+  apiKeys.delete(foundKey);
+  saveApiKeys();
+  res.json({ message: 'API key deleted' });
+});
+
 // Generate unique task ID
 function generateTaskId() {
   return `scan_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
@@ -869,6 +1089,204 @@ app.post('/api/remediate/execute', async (req, res) => {
   }
 });
 
+// Export scan report as JSON
+app.get('/api/export/json/:taskId', (req, res) => {
+  const { taskId } = req.params;
+  const result = scanResults.get(taskId);
+  
+  if (!result) {
+    return res.status(404).json({ error: 'Scan result not found' });
+  }
+  
+  const report = {
+    meta: {
+      tool: 'MohuClaw',
+      version: '1.0.1',
+      generatedAt: new Date().toISOString(),
+      taskId: taskId
+    },
+    summary: result.summary,
+    status: result.status,
+    categories: result.categories,
+    items: result.items || []
+  };
+  
+  res.setHeader('Content-Type', 'application/json');
+  res.setHeader('Content-Disposition', `attachment; filename="mohuclaw-report-${taskId}.json"`);
+  res.json(report);
+});
+
+// Export scan report as HTML
+app.get('/api/export/html/:taskId', (req, res) => {
+  const { taskId } = req.params;
+  const result = scanResults.get(taskId);
+  
+  if (!result) {
+    return res.status(404).json({ error: 'Scan result not found' });
+  }
+  
+  const statusColors = {
+    SECURE: '#22c55e',
+    WARNING: '#eab308',
+    COMPROMISED: '#ef4444'
+  };
+  
+  const categoryNames = {
+    NETWORK_EXPOSURE: '网络暴露',
+    ACCESS_CONTROL: '访问控制',
+    EXECUTION_SANDBOX: '执行沙箱',
+    CREDENTIAL_STORAGE: '凭证存储',
+    MEMORY_POISONING: '内存投毒',
+    SUPPLY_CHAIN: '供应链安全',
+    RESOURCE_COST: '资源成本'
+  };
+  
+  const html = `<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>MohuClaw 安全报告 - ${taskId}</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #0b0f19; color: #e5e7eb; padding: 2rem; }
+    .container { max-width: 1200px; margin: 0 auto; }
+    .header { text-align: center; margin-bottom: 2rem; padding: 2rem; background: linear-gradient(135deg, #1e3a5f 0%, #1f2937 100%); border-radius: 1rem; }
+    .header h1 { font-size: 2rem; margin-bottom: 0.5rem; }
+    .header .meta { color: #9ca3af; font-size: 0.875rem; }
+    .summary { display: grid; grid-template-columns: repeat(3, 1fr); gap: 1rem; margin-bottom: 2rem; }
+    .summary-card { padding: 1.5rem; border-radius: 0.5rem; text-align: center; }
+    .summary-card.critical { background: rgba(239, 68, 68, 0.2); border: 1px solid #ef4444; }
+    .summary-card.warning { background: rgba(234, 179, 8, 0.2); border: 1px solid #eab308; }
+    .summary-card.clean { background: rgba(34, 197, 94, 0.2); border: 1px solid #22c55e; }
+    .summary-card .value { font-size: 2.5rem; font-weight: bold; }
+    .summary-card .label { font-size: 0.875rem; color: #9ca3af; margin-top: 0.25rem; }
+    .status-badge { display: inline-block; padding: 0.5rem 1rem; border-radius: 0.5rem; font-weight: bold; text-transform: uppercase; }
+    .categories { margin-bottom: 2rem; }
+    .category { background: #1f2937; border-radius: 0.5rem; margin-bottom: 1rem; overflow: hidden; }
+    .category-header { padding: 1rem; background: #374151; display: flex; justify-content: space-between; align-items: center; }
+    .category-header h3 { font-size: 1rem; }
+    .category-stats { display: flex; gap: 1rem; font-size: 0.875rem; }
+    .category-stats span { padding: 0.25rem 0.5rem; border-radius: 0.25rem; }
+    .items { padding: 1rem; }
+    .item { padding: 1rem; border-left: 3px solid #4b5563; margin-bottom: 0.5rem; background: #111827; border-radius: 0 0.5rem 0.5rem 0; }
+    .item.critical { border-left-color: #ef4444; }
+    .item.warning { border-left-color: #eab308; }
+    .item .title { font-weight: 600; margin-bottom: 0.25rem; }
+    .item .description { font-size: 0.875rem; color: #9ca3af; }
+    .footer { text-align: center; margin-top: 2rem; padding-top: 2rem; border-top: 1px solid #374151; color: #6b7280; font-size: 0.875rem; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="header">
+      <h1>🛡️ MohuClaw 安全报告</h1>
+      <div class="meta">
+        <span>任务ID: ${taskId}</span> | 
+        <span>生成时间: ${new Date().toLocaleString('zh-CN')}</span> |
+        <span class="status-badge" style="background: ${statusColors[result.status] || '#6b7280'}">${result.status}</span>
+      </div>
+    </div>
+    
+    <div class="summary">
+      <div class="summary-card critical">
+        <div class="value" style="color: #ef4444">${result.summary.critical}</div>
+        <div class="label">严重问题</div>
+      </div>
+      <div class="summary-card warning">
+        <div class="value" style="color: #eab308">${result.summary.warnings}</div>
+        <div class="label">警告</div>
+      </div>
+      <div class="summary-card clean">
+        <div class="value" style="color: #22c55e">${result.summary.clean}</div>
+        <div class="label">通过检查</div>
+      </div>
+    </div>
+    
+    <div class="categories">
+      ${(result.categories || []).map(cat => `
+        <div class="category">
+          <div class="category-header">
+            <h3>${categoryNames[cat.name] || cat.name}</h3>
+            <div class="category-stats">
+              ${cat.critical > 0 ? `<span style="background: rgba(239,68,68,0.2); color: #ef4444">严重: ${cat.critical}</span>` : ''}
+              ${cat.warnings > 0 ? `<span style="background: rgba(234,179,8,0.2); color: #eab308">警告: ${cat.warnings}</span>` : ''}
+              ${cat.clean > 0 ? `<span style="background: rgba(34,197,94,0.2); color: #22c55e">通过: ${cat.clean}</span>` : ''}
+            </div>
+          </div>
+        </div>
+      `).join('')}
+    </div>
+    
+    ${(result.items || []).length > 0 ? `
+    <div class="items-section">
+      <h2 style="margin-bottom: 1rem;">问题详情</h2>
+      ${result.items.map(item => `
+        <div class="item ${item.severity}">
+          <div class="title">${item.title || item.checkName || '未知问题'}</div>
+          <div class="description">${item.description || item.message || ''}</div>
+        </div>
+      `).join('')}
+    </div>
+    ` : ''}
+    
+    <div class="footer">
+      <p>Generated by MohuClaw Security Assistant</p>
+      <p>© 2024 北京模湖智能科技有限公司</p>
+    </div>
+  </div>
+</body>
+</html>`;
+  
+  res.setHeader('Content-Type', 'text/html; charset=utf-8');
+  res.setHeader('Content-Disposition', `attachment; filename="mohuclaw-report-${taskId}.html"`);
+  res.send(html);
+});
+
+// Export scan report as plain text
+app.get('/api/export/txt/:taskId', (req, res) => {
+  const { taskId } = req.params;
+  const result = scanResults.get(taskId);
+  
+  if (!result) {
+    return res.status(404).json({ error: 'Scan result not found' });
+  }
+  
+  const lines = [
+    '========================================',
+    '       MohuClaw 安全扫描报告',
+    '========================================',
+    '',
+    `任务ID: ${taskId}`,
+    `生成时间: ${new Date().toLocaleString('zh-CN')}`,
+    `状态: ${result.status}`,
+    '',
+    '--- 扫描摘要 ---',
+    `严重问题: ${result.summary.critical}`,
+    `警告: ${result.summary.warnings}`,
+    `通过检查: ${result.summary.clean}`,
+    '',
+    '--- 分类详情 ---',
+    ...(result.categories || []).map(cat => 
+      `${cat.name}: ${cat.critical} 严重, ${cat.warnings} 警告, ${cat.clean} 通过`
+    ),
+    '',
+    '--- 问题详情 ---',
+    ...(result.items || []).map(item => 
+      `[${item.severity?.toUpperCase() || 'INFO'}] ${item.title || item.checkName}: ${item.description || item.message || ''}`
+    ),
+    '',
+    '========================================',
+    'Generated by MohuClaw Security Assistant',
+    '© 2024 北京模湖智能科技有限公司',
+    '========================================'
+  ];
+  
+  res.setHeader('Content-Type', 'text/plain; charset=utf-8');
+  res.setHeader('Content-Disposition', `attachment; filename="mohuclaw-report-${taskId}.txt"`);
+  res.send(lines.join('\n'));
+});
+
 // Start server
 app.listen(PORT, '0.0.0.0', () => {
   console.log(`🛡️  MohuClaw Web UI running at http://localhost:${PORT}`);