shellward 0.7.2 → 0.7.3

package/dist/compliance/audit.js

@@ -103,11 +103,12 @@ export function runProjectComplianceAudit(config, root) {
     const env = gatherEnvFacts();
     // 把文件中实测到的境外端点/依赖并入 facts（按 endpointId 或 provider 去重），
     // 使数据出境项基于真实证据（含 SDK 依赖通道）
-    const seen = new Set(env.overseas.map(o => o.endpointId || o.provider_en));
+    const seen = new Set(env.overseas.map(o => (o.endpointId || o.provider_en || '').toLowerCase()));
     for (const f of scan.findings) {
         if (f.kind !== 'overseas')
             continue;
-        const key = f.endpointId || f.provider_en || '';
+        // 按厂商去重（不区分大小写），避免"端点命中"与"SDK依赖命中"把同一厂商列两次
+        const key = (f.provider_en || f.endpointId || '').toLowerCase();
         if (!key || seen.has(key))
             continue;
         seen.add(key);

package/dist/compliance/html-report.js

@@ -72,7 +72,7 @@ export function renderHtmlReport(report, scan, locale, meta) {
     </div>
   </section>`);
     // ===== 项目实测风险 =====
-    S.push(sectionHead('🔍', t('项目实测风险', 'Project Scan Findings'), t(`已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限）' : ''}`, `Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached)' : ''}`)));
+    S.push(sectionHead('🔍', t('项目实测风险', 'Project Scan Findings'), t(`已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限）' : ''} · 耗时 ${scan.durationMs ?? '?'}ms · 应用 ${scan.rulesChecked ?? '?'} 条检测规则`, `Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached)' : ''} · ${scan.durationMs ?? '?'}ms · ${scan.rulesChecked ?? '?'} detection rules`)));
     if (scan.findings.length === 0) {
         S.push(`<div class="empty">🟢 ${t('未在项目文件中发现硬编码密钥、个人信息暴露或境外端点。', 'No hardcoded secrets, PII, or overseas endpoints found in project files.')}</div>`);
     }

package/dist/compliance/project-scan.d.ts

@@ -18,6 +18,10 @@ export interface ProjectScanResult {
     truncated: boolean;
     findings: ProjectFinding[];
     counts: Record<FindingKind, number>;
+    /** 扫描耗时(ms) —— 透明度：让用户看到确实在干活 */
+    durationMs?: number;
+    /** 本次应用的检测规则总数（端点 + SDK 依赖 + 密钥/PII 模式） */
+    rulesChecked?: number;
 }
 /** 扫描项目目录，返回真实风险发现 */
 export declare function scanProject(root: string): ProjectScanResult;

package/dist/compliance/report.js

@@ -126,8 +126,8 @@ export function renderProjectFindings(scan, locale) {
     L.push(zh ? '## 🔍 项目实测风险' : '## 🔍 Project Scan Findings');
     L.push('');
     L.push(zh
-        ? `> 已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限，部分未扫）' : ''}`
-        : `> Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached, partial)' : ''}`);
+        ? `> 已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限）' : ''} · 耗时 ${scan.durationMs ?? '?'}ms · 应用 ${scan.rulesChecked ?? '?'} 条检测规则`
+        : `> Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached)' : ''} · ${scan.durationMs ?? '?'}ms · ${scan.rulesChecked ?? '?'} detection rules`);
     L.push('');
     if (scan.findings.length === 0) {
         L.push(zh ? '🟢 未在项目文件中发现硬编码密钥、个人信息暴露或境外端点。' : '🟢 No hardcoded secrets, PII exposure, or overseas endpoints found in project files.');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shellward",
-  "version": "0.7.2",
+  "version": "0.7.3",
   "mcpName": "io.github.jnMetaCode/shellward",
   "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [

package/src/compliance/audit.ts

@@ -171,10 +171,11 @@ export function runProjectComplianceAudit(config: ShellWardConfig, root: string)
 
   // 把文件中实测到的境外端点/依赖并入 facts（按 endpointId 或 provider 去重），
   // 使数据出境项基于真实证据（含 SDK 依赖通道）
-  const seen = new Set(env.overseas.map(o => o.endpointId || o.provider_en))
+  const seen = new Set(env.overseas.map(o => (o.endpointId || o.provider_en || '').toLowerCase()))
   for (const f of scan.findings) {
     if (f.kind !== 'overseas') continue
-    const key = f.endpointId || f.provider_en || ''
+    // 按厂商去重（不区分大小写），避免"端点命中"与"SDK依赖命中"把同一厂商列两次
+    const key = (f.provider_en || f.endpointId || '').toLowerCase()
     if (!key || seen.has(key)) continue
     seen.add(key)
     env.overseas.push({

package/src/compliance/html-report.ts

@@ -96,8 +96,8 @@ export function renderHtmlReport(
 
   // ===== 项目实测风险 =====
   S.push(sectionHead('🔍', t('项目实测风险', 'Project Scan Findings'),
-    t(`已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限）' : ''}`,
-      `Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached)' : ''}`)))
+    t(`已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限）' : ''} · 耗时 ${scan.durationMs ?? '?'}ms · 应用 ${scan.rulesChecked ?? '?'} 条检测规则`,
+      `Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached)' : ''} · ${scan.durationMs ?? '?'}ms · ${scan.rulesChecked ?? '?'} detection rules`)))
 
   if (scan.findings.length === 0) {
     S.push(`<div class="empty">🟢 ${t('未在项目文件中发现硬编码密钥、个人信息暴露或境外端点。',

package/src/compliance/report.ts

@@ -141,8 +141,8 @@ export function renderProjectFindings(scan: ProjectScanResult, locale: 'zh' | 'e
   L.push(zh ? '## 🔍 项目实测风险' : '## 🔍 Project Scan Findings')
   L.push('')
   L.push(zh
-    ? `> 已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限，部分未扫）' : ''}`
-    : `> Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached, partial)' : ''}`)
+    ? `> 已扫描 ${scan.filesScanned} 个文件${scan.truncated ? '（已达上限）' : ''} · 耗时 ${scan.durationMs ?? '?'}ms · 应用 ${scan.rulesChecked ?? '?'} 条检测规则`
+    : `> Scanned ${scan.filesScanned} files${scan.truncated ? ' (limit reached)' : ''} · ${scan.durationMs ?? '?'}ms · ${scan.rulesChecked ?? '?'} detection rules`)
   L.push('')
 
   if (scan.findings.length === 0) {