npm - shellward - Versions diffs - 0.7.7 → 0.7.9 - Mend

shellward 0.7.7 → 0.7.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +1 -1
package/dist/compliance/audit.js +3 -2
package/dist/compliance/html-report.js +7 -1
package/dist/compliance/report.js +6 -0
package/dist/web/scan-server.js +70 -12
package/package.json +1 -1
package/src/compliance/audit.ts +3 -4
package/src/compliance/html-report.ts +9 -1
package/src/compliance/report.ts +6 -0
package/src/web/scan-server.ts +65 -12

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@
 [![npm](https://img.shields.io/npm/v/shellward?color=cb0000&label=npm)](https://www.npmjs.com/package/shellward)
 [![license](https://img.shields.io/badge/license-Apache--2.0-blue)](./LICENSE)
-[![tests](https://img.shields.io/badge/tests-300%20passing-brightgreen)](#performance)
+[![tests](https://img.shields.io/badge/tests-302%20passing-brightgreen)](#performance)
 [![deps](https://img.shields.io/badge/dependencies-0-brightgreen)](#performance)
 **🌐 官网: https://jnmetacode.github.io/shellward/**

package/dist/compliance/audit.js CHANGED Viewed

@@ -141,9 +141,10 @@ function computeProjectPenalty(scan) {
     return Math.min(MAX_PROJECT_PENALTY, p);
 }
 function checkControl(c, config, env, deployed) {
-    // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"
+    // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"。
+    // 「为何待核验」统一在报告区块开头说一次；这里每行只留"该做什么"，避免 12 行重复同一句。
     if (!deployed && (c.method === 'capability' || c.method === 'config' || c.method === 'audit')) {
-        return mk(c, 'manual', `ShellWard 运行时可提供此防护；当前为静态扫描、未部署，无法验证。整改：${c.remediation_zh}`, `Provided by ShellWard runtime; not verifiable in a static scan. ${c.remediation_en}`);
+        return mk(c, 'manual', c.remediation_zh, c.remediation_en);
     }
     switch (c.method) {
         case 'capability': return checkCapability(c, config);

package/dist/compliance/html-report.js CHANGED Viewed

@@ -137,7 +137,10 @@ export function renderHtmlReport(report, scan, locale, meta) {
         S.push(`<p class="note">💡 ${t('对使用 openai SDK 的项目：通常仅需把 base_url 与 api_key 换成上表任一境内模型即可，业务代码无需改动。', 'For openai-SDK projects: usually just swap base_url + api_key — no code change.')}</p>`);
     }
     // ===== 控制项明细 =====
-    S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'), t('按法规分组；⚪ 项为运行时/人工核验', 'By regulation; ⚪ = runtime / manual review')));
+    S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'), t('按法规分组', 'By regulation')));
+    if (report.staticScan && report.manual > 0) {
+        S.push(`<div class="note manual-note">${t(`<b>⚪ 待核验 ≠ 不合规。</b> 下方 ${report.manual} 项是<b>运行时合规控制</b>（审计留存、内容过滤、注入拦截、数据外发管控等）——靠"看代码"的静态扫描判断不了，需把 ShellWard 接入你的 AI 应用（<code>npx shellward mcp</code> 或插件）作为运行时防护后才能验证，或人工核验。每项后面是"该做什么"。`, `<b>⚪ Review ≠ non-compliant.</b> The ${report.manual} items below are <b>runtime controls</b> a static scan cannot verify — deploy ShellWard as a runtime guard (<code>npx shellward mcp</code> / plugin) to validate them. Each row shows the remediation.`)}</div>`);
+    }
     const grouped = groupBy(report.results);
     for (const reg of REG_ORDER) {
         const items = grouped[reg];
@@ -312,6 +315,9 @@ table.tbl td.right{width:64px}
 .mtag.mid{background:var(--warn-bg);color:var(--warn)}
 .note{margin:8px 36px 4px;font-size:12.5px;color:var(--muted);background:#f8fafc;
   border-left:3px solid var(--brand);padding:10px 14px;border-radius:0 8px 8px 0}
+.manual-note{margin:8px 36px 12px;font-size:13px;color:#475569;background:#eff6ff;
+  border-left:3px solid #3b82f6;line-height:1.6}
+.manual-note code{background:#dbeafe;padding:1px 6px;border-radius:5px}
 /* 法规分组 */
 .reg{margin:14px 36px;padding:0;border:1px solid var(--line);border-radius:12px;overflow:hidden}

package/dist/compliance/report.js CHANGED Viewed

@@ -82,6 +82,12 @@ export function renderComplianceReport(report, locale) {
     // ===== 按法规分组明细 =====
     L.push(zh ? '## 分项明细' : '## Detailed Results');
     L.push('');
+    if (report.staticScan && report.manual > 0) {
+        L.push(zh
+            ? `> **⚪ 待核验 ≠ 不合规。** 下方 ${report.manual} 项是**运行时合规控制**（审计留存、内容过滤、注入拦截、数据外发管控等），静态扫描（看代码）判断不了，需把 ShellWard 接入你的 AI 应用（\`npx shellward mcp\` 或插件）作为运行时防护后验证，或人工核验。`
+            : `> **⚪ Review ≠ non-compliant.** The ${report.manual} items below are runtime controls a static scan cannot verify — deploy ShellWard as a runtime guard to validate.`);
+        L.push('');
+    }
     const grouped = groupByRegulation(report.results);
     for (const reg of REGULATION_ORDER) {
         const items = grouped[reg];

package/dist/web/scan-server.js CHANGED Viewed

@@ -14,8 +14,8 @@
 //   - 并发上限，防滥用
 import { createServer } from 'http';
 import { spawn } from 'child_process';
-import { mkdtempSync, rmSync, existsSync, statSync, mkdirSync, writeFileSync } from 'fs';
-import { tmpdir } from 'os';
+import { mkdtempSync, rmSync, existsSync, statSync, mkdirSync, writeFileSync, readdirSync } from 'fs';
+import { tmpdir, homedir } from 'os';
 import { join, resolve, dirname, normalize, isAbsolute } from 'path';
 import { runProjectComplianceAudit } from '../compliance/audit.js';
 import { renderHtmlReport } from '../compliance/html-report.js';
@@ -52,6 +52,12 @@ export function startWebServer(opts) {
                     return send(res, 503, 'text/html', errorPage('服务繁忙，请稍后再试'));
                 return await handleUpload(req, res, locale, () => { active++; }, () => { active--; });
             }
+            // 本地目录浏览（仅本地模式）：服务端直接列子目录，让用户点选要扫的文件夹（零上传）
+            if (u.pathname === '/browse') {
+                if (!opts.local)
+                    return send(res, 403, 'application/json', JSON.stringify({ error: '仅本地模式可用' }));
+                return handleBrowse(res, u.searchParams.get('dir'));
+            }
             // 演示：扫一个内置的「含风险样例项目」——证明"秒出≠没检查"（满屏发现 + 行号）
             if (u.pathname === '/demo') {
                 if (active >= MAX_CONCURRENT)
@@ -199,6 +205,32 @@ async function handleUpload(req, res, locale, inc, dec) {
         catch { /* ignore */ }
     }
 }
+/** 本地目录浏览：返回某目录下的子目录列表（供网页点选；不读文件内容、不上传） */
+function handleBrowse(res, dirParam) {
+    try {
+        const abs = resolve(dirParam && dirParam.trim() ? dirParam : homedir());
+        const entries = readdirSync(abs, { withFileTypes: true })
+            .filter(e => { try {
+            return e.isDirectory();
+        }
+        catch {
+            return false;
+        } })
+            .map(e => e.name)
+            .filter(n => !n.startsWith('.') && n !== 'node_modules')
+            .sort((a, b) => a.localeCompare(b))
+            .slice(0, 500);
+        const parent = dirname(abs);
+        send(res, 200, 'application/json', JSON.stringify({
+            current: abs,
+            parent: parent === abs ? null : parent,
+            dirs: entries,
+        }));
+    }
+    catch (e) {
+        send(res, 200, 'application/json', JSON.stringify({ error: e?.message || String(e) }));
+    }
+}
 /** 演示：内置「含风险样例项目」扫描，证明检测真在工作 */
 function handleDemo(res, locale, inc, dec) {
     const dir = mkdtempSync(join(tmpdir(), 'sw-demo-'));
@@ -259,13 +291,13 @@ function formPage(local) {
         <p class="hint">仅支持公开仓库（GitHub / GitLab / Gitee / Bitbucket）。大仓库可能超时——${local ? '此时改用上方「选择文件夹」更稳。' : '<b>大仓库 / 私有代码请用本地客户端或 CLI</b>：<code>npx shellward web --local</code> / <code>npx shellward scan</code>（不上传）。'}</p>
       </form>`;
     const uploadForm = local ? `
-      <form id="dirform">
-        <label>① 选择本地项目文件夹（推荐）</label>
-        <input type="file" id="dir" webkitdirectory directory multiple>
-        <button id="dbtn" type="submit">开始体检 →</button>
-        <div id="status" class="status"></div>
-        <p class="hint">📂 直接选你的项目文件夹，无需敲路径。文件仅发送到<b>本机的本地服务</b>处理，<b>不经过任何外部服务器、不出本机</b>。</p>
-      </form>
+      <label>① 在本机点选项目文件夹（推荐 · 零上传）</label>
+      <div class="browser">
+        <div class="bpath" id="curpath">加载中…</div>
+        <ul class="dirs" id="dirs"></ul>
+      </div>
+      <button id="scanbtn" type="button">✅ 扫描当前文件夹 →</button>
+      <p class="hint">📂 在你电脑上点进项目目录，再点"扫描当前文件夹"。<b>服务端直接读取本机文件、零上传、不出本机</b>，自动跳过 node_modules，无需选 3 万个文件。</p>
       <div class="or">— 或 —</div>` : '';
     return page('ShellWard 合规体检', `
     <div class="hero">
@@ -278,10 +310,28 @@ function formPage(local) {
       <p class="foot">网安法 2026 · PIPL · 等保2.0 · 数据出境 · AI标识 ｜ 零依赖 · 开源 ·
         <a href="https://github.com/jnMetaCode/shellward">GitHub ⭐</a></p>
     </div>
-    ${local ? UPLOAD_SCRIPT : ''}`);
+    ${local ? BROWSE_SCRIPT : ''}`);
 }
-// 客户端：读取所选文件夹 → 过滤(跳过 node_modules 等、仅文本/配置、限大小) → POST 到本机服务
-// 注意：过滤后缀须与服务端 SCAN_EXT 对齐（含 .md），否则 markdown 项目会被全滤光显得"扫不了"。
+// 本地目录浏览器：点选文件夹 → 服务端直接扫（零上传，不读 node_modules）
+const BROWSE_SCRIPT = `<script>
+(function(){
+  var cur='';
+  function load(dir){
+    var cp=document.getElementById('curpath'); if(cp)cp.textContent='加载中…';
+    fetch('/browse?dir='+encodeURIComponent(dir||'')).then(function(r){return r.json()}).then(function(d){
+      if(d.error){ if(cp)cp.textContent='无法读取：'+d.error; return; }
+      cur=d.current; if(cp)cp.textContent=cur;
+      var ul=document.getElementById('dirs'); if(!ul)return; ul.innerHTML='';
+      if(d.parent){ var up=document.createElement('li'); up.className='up'; up.textContent='⬆ 上级目录'; up.onclick=function(){load(d.parent)}; ul.appendChild(up); }
+      if(!d.dirs.length){ var e=document.createElement('li'); e.className='empty'; e.textContent='（此目录无子文件夹，可直接点上方扫描）'; ul.appendChild(e); }
+      d.dirs.forEach(function(name){ var li=document.createElement('li'); li.textContent='📁 '+name; li.onclick=function(){ load(cur.replace(/\\/+$/,'')+'/'+name) }; ul.appendChild(li); });
+    }).catch(function(e){ if(cp)cp.textContent='错误：'+e; });
+  }
+  var sb=document.getElementById('scanbtn');
+  if(sb){ sb.onclick=function(){ if(cur){ sb.disabled=true; sb.textContent='扫描中…'; window.location.href='/scan?path='+encodeURIComponent(cur); } }; load(''); }
+})();
+</script>`;
+// （旧上传脚本保留备用，当前本地模式改用目录浏览器）
 const UPLOAD_SCRIPT = `<script>
 (function(){
   var SKIP=/(^|\\/)(node_modules|\\.git|dist|build|\\.next|out|vendor|coverage|\\.venv|venv|__pycache__|target|\\.cache)(\\/|$)/;
@@ -350,6 +400,14 @@ form{margin:0 0 14px}.or{text-align:center;color:#94a3b8;font-size:13px;margin:6
 .status{display:none;margin:10px 0 0;padding:10px 14px;border-radius:8px;background:#f1f5f9;
 color:#334155;font-size:13.5px;border-left:3px solid #cb0000;text-align:left}
 .demo{margin:18px 0 0;font-size:13px;color:#475569}.demo a{font-weight:600}
+.browser{border:1px solid #cbd5e1;border-radius:10px;overflow:hidden;margin:4px 0 10px;text-align:left}
+.bpath{background:#0f172a;color:#93c5fd;font-family:ui-monospace,Menlo,monospace;font-size:12px;
+padding:9px 12px;word-break:break-all}
+.dirs{list-style:none;margin:0;padding:0;max-height:240px;overflow-y:auto}
+.dirs li{padding:9px 14px;border-top:1px solid #eef2f7;cursor:pointer;font-size:14px}
+.dirs li:hover{background:#f1f5f9}
+.dirs li.up{color:#cb0000;font-weight:600}
+.dirs li.empty{color:#94a3b8;cursor:default;font-size:13px}
 .foot{margin:24px 0 0;font-size:12.5px;color:#94a3b8}.foot a,.back{color:#cb0000;text-decoration:none}
 .back{font-weight:600}
 </style></head><body>${body}</body></html>`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shellward",
-  "version": "0.7.7",
+  "version": "0.7.9",
   "mcpName": "io.github.jnMetaCode/shellward",
   "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [

package/src/compliance/audit.ts CHANGED Viewed

@@ -212,11 +212,10 @@ function computeProjectPenalty(scan: ProjectScanResult): number {
 }
 function checkControl(c: ComplianceControl, config: ShellWardConfig, env: EnvFacts, deployed: boolean): ControlResult {
-  // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"
+  // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"。
+  // 「为何待核验」统一在报告区块开头说一次；这里每行只留"该做什么"，避免 12 行重复同一句。
   if (!deployed && (c.method === 'capability' || c.method === 'config' || c.method === 'audit')) {
-    return mk(c, 'manual',
-      `ShellWard 运行时可提供此防护；当前为静态扫描、未部署，无法验证。整改：${c.remediation_zh}`,
-      `Provided by ShellWard runtime; not verifiable in a static scan. ${c.remediation_en}`)
+    return mk(c, 'manual', c.remediation_zh, c.remediation_en)
   }
   switch (c.method) {
     case 'capability': return checkCapability(c, config)

package/src/compliance/html-report.ts CHANGED Viewed

@@ -164,7 +164,12 @@ export function renderHtmlReport(
   // ===== 控制项明细 =====
   S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'),
-    t('按法规分组；⚪ 项为运行时/人工核验', 'By regulation; ⚪ = runtime / manual review')))
+    t('按法规分组', 'By regulation')))
+  if (report.staticScan && report.manual > 0) {
+    S.push(`<div class="note manual-note">${t(
+      `<b>⚪ 待核验 ≠ 不合规。</b> 下方 ${report.manual} 项是<b>运行时合规控制</b>（审计留存、内容过滤、注入拦截、数据外发管控等）——靠"看代码"的静态扫描判断不了，需把 ShellWard 接入你的 AI 应用（<code>npx shellward mcp</code> 或插件）作为运行时防护后才能验证，或人工核验。每项后面是"该做什么"。`,
+      `<b>⚪ Review ≠ non-compliant.</b> The ${report.manual} items below are <b>runtime controls</b> a static scan cannot verify — deploy ShellWard as a runtime guard (<code>npx shellward mcp</code> / plugin) to validate them. Each row shows the remediation.`)}</div>`)
+  }
   const grouped = groupBy(report.results)
   for (const reg of REG_ORDER) {
     const items = grouped[reg]
@@ -349,6 +354,9 @@ table.tbl td.right{width:64px}
 .mtag.mid{background:var(--warn-bg);color:var(--warn)}
 .note{margin:8px 36px 4px;font-size:12.5px;color:var(--muted);background:#f8fafc;
   border-left:3px solid var(--brand);padding:10px 14px;border-radius:0 8px 8px 0}
+.manual-note{margin:8px 36px 12px;font-size:13px;color:#475569;background:#eff6ff;
+  border-left:3px solid #3b82f6;line-height:1.6}
+.manual-note code{background:#dbeafe;padding:1px 6px;border-radius:5px}
 /* 法规分组 */
 .reg{margin:14px 36px;padding:0;border:1px solid var(--line);border-radius:12px;overflow:hidden}

package/src/compliance/report.ts CHANGED Viewed

@@ -93,6 +93,12 @@ export function renderComplianceReport(report: ComplianceReport, locale: 'zh' |
   // ===== 按法规分组明细 =====
   L.push(zh ? '## 分项明细' : '## Detailed Results')
   L.push('')
+  if (report.staticScan && report.manual > 0) {
+    L.push(zh
+      ? `> **⚪ 待核验 ≠ 不合规。** 下方 ${report.manual} 项是**运行时合规控制**（审计留存、内容过滤、注入拦截、数据外发管控等），静态扫描（看代码）判断不了，需把 ShellWard 接入你的 AI 应用（\`npx shellward mcp\` 或插件）作为运行时防护后验证，或人工核验。`
+      : `> **⚪ Review ≠ non-compliant.** The ${report.manual} items below are runtime controls a static scan cannot verify — deploy ShellWard as a runtime guard to validate.`)
+    L.push('')
+  }
   const grouped = groupByRegulation(report.results)
   for (const reg of REGULATION_ORDER) {

package/src/web/scan-server.ts CHANGED Viewed

@@ -15,8 +15,8 @@
 import { createServer } from 'http'
 import { spawn } from 'child_process'
-import { mkdtempSync, rmSync, existsSync, statSync, mkdirSync, writeFileSync } from 'fs'
-import { tmpdir } from 'os'
+import { mkdtempSync, rmSync, existsSync, statSync, mkdirSync, writeFileSync, readdirSync } from 'fs'
+import { tmpdir, homedir } from 'os'
 import { join, resolve, dirname, normalize, isAbsolute } from 'path'
 import { runProjectComplianceAudit } from '../compliance/audit.js'
 import { renderHtmlReport } from '../compliance/html-report.js'
@@ -58,6 +58,11 @@ export function startWebServer(opts: WebServerOptions): void {
         if (active >= MAX_CONCURRENT) return send(res, 503, 'text/html', errorPage('服务繁忙，请稍后再试'))
         return await handleUpload(req, res, locale, () => { active++ }, () => { active-- })
       }
+      // 本地目录浏览（仅本地模式）：服务端直接列子目录，让用户点选要扫的文件夹（零上传）
+      if (u.pathname === '/browse') {
+        if (!opts.local) return send(res, 403, 'application/json', JSON.stringify({ error: '仅本地模式可用' }))
+        return handleBrowse(res, u.searchParams.get('dir'))
+      }
       // 演示：扫一个内置的「含风险样例项目」——证明"秒出≠没检查"（满屏发现 + 行号）
       if (u.pathname === '/demo') {
         if (active >= MAX_CONCURRENT) return send(res, 503, 'text/html', errorPage('服务繁忙，请稍后再试'))
@@ -180,6 +185,27 @@ async function handleUpload(req: any, res: any, locale: 'zh' | 'en', inc: () =>
   }
 }
+/** 本地目录浏览：返回某目录下的子目录列表（供网页点选；不读文件内容、不上传） */
+function handleBrowse(res: any, dirParam: string | null) {
+  try {
+    const abs = resolve(dirParam && dirParam.trim() ? dirParam : homedir())
+    const entries = readdirSync(abs, { withFileTypes: true })
+      .filter(e => { try { return e.isDirectory() } catch { return false } })
+      .map(e => e.name)
+      .filter(n => !n.startsWith('.') && n !== 'node_modules')
+      .sort((a, b) => a.localeCompare(b))
+      .slice(0, 500)
+    const parent = dirname(abs)
+    send(res, 200, 'application/json', JSON.stringify({
+      current: abs,
+      parent: parent === abs ? null : parent,
+      dirs: entries,
+    }))
+  } catch (e: any) {
+    send(res, 200, 'application/json', JSON.stringify({ error: e?.message || String(e) }))
+  }
+}
 /** 演示：内置「含风险样例项目」扫描，证明检测真在工作 */
 function handleDemo(res: any, locale: 'zh' | 'en', inc: () => void, dec: () => void) {
   const dir = mkdtempSync(join(tmpdir(), 'sw-demo-'))
@@ -242,13 +268,13 @@ function formPage(local: boolean): string {
       </form>`
   const uploadForm = local ? `
-      <form id="dirform">
-        <label>① 选择本地项目文件夹（推荐）</label>
-        <input type="file" id="dir" webkitdirectory directory multiple>
-        <button id="dbtn" type="submit">开始体检 →</button>
-        <div id="status" class="status"></div>
-        <p class="hint">📂 直接选你的项目文件夹，无需敲路径。文件仅发送到<b>本机的本地服务</b>处理，<b>不经过任何外部服务器、不出本机</b>。</p>
-      </form>
+      <label>① 在本机点选项目文件夹（推荐 · 零上传）</label>
+      <div class="browser">
+        <div class="bpath" id="curpath">加载中…</div>
+        <ul class="dirs" id="dirs"></ul>
+      </div>
+      <button id="scanbtn" type="button">✅ 扫描当前文件夹 →</button>
+      <p class="hint">📂 在你电脑上点进项目目录，再点"扫描当前文件夹"。<b>服务端直接读取本机文件、零上传、不出本机</b>，自动跳过 node_modules，无需选 3 万个文件。</p>
       <div class="or">— 或 —</div>` : ''
   return page('ShellWard 合规体检', `
@@ -262,11 +288,30 @@ function formPage(local: boolean): string {
       <p class="foot">网安法 2026 · PIPL · 等保2.0 · 数据出境 · AI标识 ｜ 零依赖 · 开源 ·
         <a href="https://github.com/jnMetaCode/shellward">GitHub ⭐</a></p>
     </div>
-    ${local ? UPLOAD_SCRIPT : ''}`)
+    ${local ? BROWSE_SCRIPT : ''}`)
 }
-// 客户端：读取所选文件夹 → 过滤(跳过 node_modules 等、仅文本/配置、限大小) → POST 到本机服务
-// 注意：过滤后缀须与服务端 SCAN_EXT 对齐（含 .md），否则 markdown 项目会被全滤光显得"扫不了"。
+// 本地目录浏览器：点选文件夹 → 服务端直接扫（零上传，不读 node_modules）
+const BROWSE_SCRIPT = `<script>
+(function(){
+  var cur='';
+  function load(dir){
+    var cp=document.getElementById('curpath'); if(cp)cp.textContent='加载中…';
+    fetch('/browse?dir='+encodeURIComponent(dir||'')).then(function(r){return r.json()}).then(function(d){
+      if(d.error){ if(cp)cp.textContent='无法读取：'+d.error; return; }
+      cur=d.current; if(cp)cp.textContent=cur;
+      var ul=document.getElementById('dirs'); if(!ul)return; ul.innerHTML='';
+      if(d.parent){ var up=document.createElement('li'); up.className='up'; up.textContent='⬆ 上级目录'; up.onclick=function(){load(d.parent)}; ul.appendChild(up); }
+      if(!d.dirs.length){ var e=document.createElement('li'); e.className='empty'; e.textContent='（此目录无子文件夹，可直接点上方扫描）'; ul.appendChild(e); }
+      d.dirs.forEach(function(name){ var li=document.createElement('li'); li.textContent='📁 '+name; li.onclick=function(){ load(cur.replace(/\\/+$/,'')+'/'+name) }; ul.appendChild(li); });
+    }).catch(function(e){ if(cp)cp.textContent='错误：'+e; });
+  }
+  var sb=document.getElementById('scanbtn');
+  if(sb){ sb.onclick=function(){ if(cur){ sb.disabled=true; sb.textContent='扫描中…'; window.location.href='/scan?path='+encodeURIComponent(cur); } }; load(''); }
+})();
+</script>`
+// （旧上传脚本保留备用，当前本地模式改用目录浏览器）
 const UPLOAD_SCRIPT = `<script>
 (function(){
   var SKIP=/(^|\\/)(node_modules|\\.git|dist|build|\\.next|out|vendor|coverage|\\.venv|venv|__pycache__|target|\\.cache)(\\/|$)/;
@@ -337,6 +382,14 @@ form{margin:0 0 14px}.or{text-align:center;color:#94a3b8;font-size:13px;margin:6
 .status{display:none;margin:10px 0 0;padding:10px 14px;border-radius:8px;background:#f1f5f9;
 color:#334155;font-size:13.5px;border-left:3px solid #cb0000;text-align:left}
 .demo{margin:18px 0 0;font-size:13px;color:#475569}.demo a{font-weight:600}
+.browser{border:1px solid #cbd5e1;border-radius:10px;overflow:hidden;margin:4px 0 10px;text-align:left}
+.bpath{background:#0f172a;color:#93c5fd;font-family:ui-monospace,Menlo,monospace;font-size:12px;
+padding:9px 12px;word-break:break-all}
+.dirs{list-style:none;margin:0;padding:0;max-height:240px;overflow-y:auto}
+.dirs li{padding:9px 14px;border-top:1px solid #eef2f7;cursor:pointer;font-size:14px}
+.dirs li:hover{background:#f1f5f9}
+.dirs li.up{color:#cb0000;font-weight:600}
+.dirs li.empty{color:#94a3b8;cursor:default;font-size:13px}
 .foot{margin:24px 0 0;font-size:12.5px;color:#94a3b8}.foot a,.back{color:#cb0000;text-decoration:none}
 .back{font-weight:600}
 </style></head><body>${body}</body></html>`