npm - shellward - Versions diffs - 0.7.8 → 0.7.10 - Mend

shellward 0.7.8 → 0.7.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/compliance/audit.js +3 -2
package/dist/compliance/html-report.d.ts +2 -0
package/dist/compliance/html-report.js +12 -1
package/dist/compliance/report.js +6 -0
package/dist/web/scan-server.js +30 -17
package/package.json +1 -1
package/src/compliance/audit.ts +3 -4
package/src/compliance/html-report.ts +16 -1
package/src/compliance/report.ts +6 -0
package/src/web/scan-server.ts +30 -17

package/dist/compliance/audit.js CHANGED Viewed

@@ -141,9 +141,10 @@ function computeProjectPenalty(scan) {
     return Math.min(MAX_PROJECT_PENALTY, p);
 }
 function checkControl(c, config, env, deployed) {
-    // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"
+    // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"。
+    // 「为何待核验」统一在报告区块开头说一次；这里每行只留"该做什么"，避免 12 行重复同一句。
     if (!deployed && (c.method === 'capability' || c.method === 'config' || c.method === 'audit')) {
-        return mk(c, 'manual', `ShellWard 运行时可提供此防护；当前为静态扫描、未部署，无法验证。整改：${c.remediation_zh}`, `Provided by ShellWard runtime; not verifiable in a static scan. ${c.remediation_en}`);
+        return mk(c, 'manual', c.remediation_zh, c.remediation_en);
     }
     switch (c.method) {
         case 'capability': return checkCapability(c, config);

package/dist/compliance/html-report.d.ts CHANGED Viewed

@@ -3,6 +3,8 @@ import type { ProjectScanResult } from './project-scan.js';
 export interface HtmlReportMeta {
     /** 扫描的项目根 */
     root: string;
+    /** 可选：web 场景下的"返回/再扫一个"链接（CLI 导出时不传） */
+    backLink?: string;
 }
 /** 生成自包含 HTML 合规报告 */
 export declare function renderHtmlReport(report: ComplianceReport, scan: ProjectScanResult, locale: 'zh' | 'en', meta: HtmlReportMeta): string;

package/dist/compliance/html-report.js CHANGED Viewed

@@ -137,7 +137,10 @@ export function renderHtmlReport(report, scan, locale, meta) {
         S.push(`<p class="note">💡 ${t('对使用 openai SDK 的项目：通常仅需把 base_url 与 api_key 换成上表任一境内模型即可，业务代码无需改动。', 'For openai-SDK projects: usually just swap base_url + api_key — no code change.')}</p>`);
     }
     // ===== 控制项明细 =====
-    S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'), t('按法规分组；⚪ 项为运行时/人工核验', 'By regulation; ⚪ = runtime / manual review')));
+    S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'), t('按法规分组', 'By regulation')));
+    if (report.staticScan && report.manual > 0) {
+        S.push(`<div class="note manual-note">${t(`<b>⚪ 待核验 ≠ 不合规。</b> 下方 ${report.manual} 项是<b>运行时合规控制</b>（审计留存、内容过滤、注入拦截、数据外发管控等）——靠"看代码"的静态扫描判断不了，需把 ShellWard 接入你的 AI 应用（<code>npx shellward mcp</code> 或插件）作为运行时防护后才能验证，或人工核验。每项后面是"该做什么"。`, `<b>⚪ Review ≠ non-compliant.</b> The ${report.manual} items below are <b>runtime controls</b> a static scan cannot verify — deploy ShellWard as a runtime guard (<code>npx shellward mcp</code> / plugin) to validate them. Each row shows the remediation.`)}</div>`);
+    }
     const grouped = groupBy(report.results);
     for (const reg of REG_ORDER) {
         const items = grouped[reg];
@@ -168,6 +171,7 @@ export function renderHtmlReport(report, scan, locale, meta) {
 <style>${CSS}</style>
 </head>
 <body>
+${meta.backLink ? `<div class="backbar"><a href="${esc(meta.backLink)}">← ${t('返回 / 再扫一个', 'Back / scan another')}</a></div>` : ''}
 <main>
   <header>
     <div class="brand">🛡️ Shell<span>Ward</span> <em>${t('合规网关', 'Compliance Gateway')}</em></div>
@@ -221,6 +225,10 @@ const CSS = `
 body{margin:0;background:var(--bg);color:var(--ink);
   font:15px/1.65 -apple-system,BlinkMacSystemFont,"Segoe UI","PingFang SC","Microsoft YaHei",sans-serif;
   -webkit-font-smoothing:antialiased}
+.backbar{position:sticky;top:0;z-index:9;background:#0f172a;padding:10px 24px}
+.backbar a{color:#fff;font-weight:600;font-size:14px;text-decoration:none}
+.backbar a:hover{color:#fca5a5}
+@media print{.backbar{display:none}}
 main{max-width:880px;margin:28px auto;background:var(--card);border-radius:16px;
   box-shadow:0 1px 3px rgba(15,23,42,.06),0 12px 32px rgba(15,23,42,.07);overflow:hidden}
 header{padding:30px 36px 22px;background:linear-gradient(180deg,#fafbfd,#fff);border-bottom:1px solid var(--line)}
@@ -312,6 +320,9 @@ table.tbl td.right{width:64px}
 .mtag.mid{background:var(--warn-bg);color:var(--warn)}
 .note{margin:8px 36px 4px;font-size:12.5px;color:var(--muted);background:#f8fafc;
   border-left:3px solid var(--brand);padding:10px 14px;border-radius:0 8px 8px 0}
+.manual-note{margin:8px 36px 12px;font-size:13px;color:#475569;background:#eff6ff;
+  border-left:3px solid #3b82f6;line-height:1.6}
+.manual-note code{background:#dbeafe;padding:1px 6px;border-radius:5px}
 /* 法规分组 */
 .reg{margin:14px 36px;padding:0;border:1px solid var(--line);border-radius:12px;overflow:hidden}

package/dist/compliance/report.js CHANGED Viewed

@@ -82,6 +82,12 @@ export function renderComplianceReport(report, locale) {
     // ===== 按法规分组明细 =====
     L.push(zh ? '## 分项明细' : '## Detailed Results');
     L.push('');
+    if (report.staticScan && report.manual > 0) {
+        L.push(zh
+            ? `> **⚪ 待核验 ≠ 不合规。** 下方 ${report.manual} 项是**运行时合规控制**（审计留存、内容过滤、注入拦截、数据外发管控等），静态扫描（看代码）判断不了，需把 ShellWard 接入你的 AI 应用（\`npx shellward mcp\` 或插件）作为运行时防护后验证，或人工核验。`
+            : `> **⚪ Review ≠ non-compliant.** The ${report.manual} items below are runtime controls a static scan cannot verify — deploy ShellWard as a runtime guard to validate.`);
+        L.push('');
+    }
     const grouped = groupByRegulation(report.results);
     for (const reg of REGULATION_ORDER) {
         const items = grouped[reg];

package/dist/web/scan-server.js CHANGED Viewed

@@ -110,7 +110,7 @@ async function handleRepo(res, repo, locale, inc, dec) {
     try {
         await cloneRepo(v.url, dir);
         const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, dir);
-        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: v.url }));
+        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: v.url, backLink: '/' }));
     }
     catch (e) {
         const msg = esc(e?.message || String(e));
@@ -133,7 +133,7 @@ async function handleLocal(res, path, locale, inc, dec) {
     inc();
     try {
         const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, root);
-        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root }));
+        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root, backLink: '/' }));
     }
     finally {
         dec();
@@ -192,7 +192,7 @@ async function handleUpload(req, res, locale, inc, dec) {
         }
         const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, dir);
         const rootName = typeof payload.root === 'string' && payload.root ? payload.root : '(uploaded folder)';
-        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: rootName }));
+        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: rootName, backLink: '/' }));
     }
     catch (e) {
         send(res, 500, 'text/html', errorPage('扫描失败：' + esc(e?.message || String(e))));
@@ -248,7 +248,7 @@ function handleDemo(res, locale, inc, dec) {
         writeFileSync(join(dir, 'data', 'customers.csv'), 'name,id_card,phone,card\n张三,110101199003071233,13800138000,4111111111111111\n');
         writeFileSync(join(dir, '.env'), 'AWS_ACCESS_KEY=AKIARZ9MKP2QWLS7YV3N\nDB_PASSWORD=Sup3rS3cretProdPwd2026\n');
         const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, dir);
-        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: '示例项目（含风险）/ demo-ai-app' }));
+        send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: '示例项目（含风险）/ demo-ai-app', backLink: '/' }));
     }
     catch (e) {
         send(res, 500, 'text/html', errorPage('演示失败：' + esc(e?.message || String(e))));
@@ -285,32 +285,42 @@ function send(res, code, type, body) {
 function formPage(local) {
     const urlForm = `
       <form action="/scan" method="get" onsubmit="var b=this.querySelector('button');b.disabled=true;b.textContent='扫描中…（大仓库需 10–60 秒，请勿重复点击）';">
-        <label>${local ? '② ' : ''}公开仓库地址</label>
+        <label>${local ? '③ ' : ''}公开仓库地址</label>
         <input name="repo" placeholder="https://github.com/owner/repo"${local ? '' : ' autofocus'}>
         <button type="submit">${local ? '体检该仓库 →' : '开始体检 →'}</button>
-        <p class="hint">仅支持公开仓库（GitHub / GitLab / Gitee / Bitbucket）。大仓库可能超时——${local ? '此时改用上方「选择文件夹」更稳。' : '<b>大仓库 / 私有代码请用本地客户端或 CLI</b>：<code>npx shellward web --local</code> / <code>npx shellward scan</code>（不上传）。'}</p>
+        <p class="hint">仅支持公开仓库（GitHub / GitLab / Gitee / Bitbucket）。大仓库可能超时——${local ? '此时用上方「上传文件夹」更稳。' : '<b>大仓库 / 私有代码请用本地客户端或 CLI</b>：<code>npx shellward web --local</code> / <code>npx shellward scan</code>（不上传）。'}</p>
       </form>`;
-    const uploadForm = local ? `
-      <label>① 在本机点选项目文件夹（推荐 · 零上传）</label>
-      <div class="browser">
-        <div class="bpath" id="curpath">加载中…</div>
-        <ul class="dirs" id="dirs"></ul>
-      </div>
-      <button id="scanbtn" type="button">✅ 扫描当前文件夹 →</button>
-      <p class="hint">📂 在你电脑上点进项目目录，再点"扫描当前文件夹"。<b>服务端直接读取本机文件、零上传、不出本机</b>，自动跳过 node_modules，无需选 3 万个文件。</p>
+    // 本地模式：① 上传文件夹（一次选定，最方便）  ② 点选文件夹（零上传）  ③ URL
+    const localForms = local ? `
+      <form id="dirform">
+        <label>① 上传项目文件夹（最方便）</label>
+        <input type="file" id="dir" webkitdirectory directory multiple>
+        <button id="dbtn" type="submit">开始体检 →</button>
+        <div id="status" class="status"></div>
+        <p class="hint">选你的项目文件夹即可。<b>浏览器可能提示"上传 N 个文件"——放心：实际只发送源码/配置（自动跳过 node_modules、图片、超大文件），且只到<u>本机的本地服务</u>，不出本机。</b></p>
+      </form>
+      <details class="alt"><summary>不想上传？点选文件夹（零上传）</summary>
+        <label>② 在本机点选项目文件夹（零上传）</label>
+        <div class="browser">
+          <div class="bpath" id="curpath">加载中…</div>
+          <ul class="dirs" id="dirs"></ul>
+        </div>
+        <button id="scanbtn" type="button">✅ 扫描当前文件夹 →</button>
+        <p class="hint">服务端直接读取本机文件、零上传、不出本机，自动跳过 node_modules。</p>
+      </details>
       <div class="or">— 或 —</div>` : '';
     return page('ShellWard 合规体检', `
     <div class="hero">
       <div class="logo">🛡️ Shell<span>Ward</span> 合规网关</div>
       <h1>AI 应用合规体检</h1>
-      <p class="sub">${local ? '选项目文件夹或贴公开仓库链接' : '贴公开仓库链接'}，30 秒查出数据出境 / 硬编码密钥 / 个人信息暴露等中国合规红线。</p>
-      ${uploadForm}
+      <p class="sub">${local ? '上传/点选项目文件夹，或贴公开仓库链接' : '贴公开仓库链接'}，30 秒查出数据出境 / 硬编码密钥 / 个人信息暴露等中国合规红线。</p>
+      ${localForms}
       ${urlForm}
       <p class="demo">🤔 觉得"秒出"不真？ <a href="/demo">▶ 看一个含风险的示例报告</a>（同样秒出，但满屏发现 + 行号）</p>
       <p class="foot">网安法 2026 · PIPL · 等保2.0 · 数据出境 · AI标识 ｜ 零依赖 · 开源 ·
         <a href="https://github.com/jnMetaCode/shellward">GitHub ⭐</a></p>
     </div>
-    ${local ? BROWSE_SCRIPT : ''}`);
+    ${local ? UPLOAD_SCRIPT + BROWSE_SCRIPT : ''}`);
 }
 // 本地目录浏览器：点选文件夹 → 服务端直接扫（零上传，不读 node_modules）
 const BROWSE_SCRIPT = `<script>
@@ -400,6 +410,9 @@ form{margin:0 0 14px}.or{text-align:center;color:#94a3b8;font-size:13px;margin:6
 .status{display:none;margin:10px 0 0;padding:10px 14px;border-radius:8px;background:#f1f5f9;
 color:#334155;font-size:13.5px;border-left:3px solid #cb0000;text-align:left}
 .demo{margin:18px 0 0;font-size:13px;color:#475569}.demo a{font-weight:600}
+details.alt{margin:6px 0 10px;text-align:left}
+details.alt summary{cursor:pointer;color:#cb0000;font-size:13px;font-weight:600;padding:6px 0}
+details.alt[open] summary{margin-bottom:8px}
 .browser{border:1px solid #cbd5e1;border-radius:10px;overflow:hidden;margin:4px 0 10px;text-align:left}
 .bpath{background:#0f172a;color:#93c5fd;font-family:ui-monospace,Menlo,monospace;font-size:12px;
 padding:9px 12px;word-break:break-all}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shellward",
-  "version": "0.7.8",
+  "version": "0.7.10",
   "mcpName": "io.github.jnMetaCode/shellward",
   "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [

package/src/compliance/audit.ts CHANGED Viewed

@@ -212,11 +212,10 @@ function computeProjectPenalty(scan: ProjectScanResult): number {
 }
 function checkControl(c: ComplianceControl, config: ShellWardConfig, env: EnvFacts, deployed: boolean): ControlResult {
-  // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"
+  // 静态扫描（未部署运行时）下，能力层/审计日志类控制项无法验证 —— 标为顾问态，绝不虚报"已合规"。
+  // 「为何待核验」统一在报告区块开头说一次；这里每行只留"该做什么"，避免 12 行重复同一句。
   if (!deployed && (c.method === 'capability' || c.method === 'config' || c.method === 'audit')) {
-    return mk(c, 'manual',
-      `ShellWard 运行时可提供此防护；当前为静态扫描、未部署，无法验证。整改：${c.remediation_zh}`,
-      `Provided by ShellWard runtime; not verifiable in a static scan. ${c.remediation_en}`)
+    return mk(c, 'manual', c.remediation_zh, c.remediation_en)
   }
   switch (c.method) {
     case 'capability': return checkCapability(c, config)

package/src/compliance/html-report.ts CHANGED Viewed

@@ -43,6 +43,8 @@ const SEV: Record<string, { zh: string; en: string }> = {
 export interface HtmlReportMeta {
   /** 扫描的项目根 */
   root: string
+  /** 可选：web 场景下的"返回/再扫一个"链接（CLI 导出时不传） */
+  backLink?: string
 }
 /** 生成自包含 HTML 合规报告 */
@@ -164,7 +166,12 @@ export function renderHtmlReport(
   // ===== 控制项明细 =====
   S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'),
-    t('按法规分组；⚪ 项为运行时/人工核验', 'By regulation; ⚪ = runtime / manual review')))
+    t('按法规分组', 'By regulation')))
+  if (report.staticScan && report.manual > 0) {
+    S.push(`<div class="note manual-note">${t(
+      `<b>⚪ 待核验 ≠ 不合规。</b> 下方 ${report.manual} 项是<b>运行时合规控制</b>（审计留存、内容过滤、注入拦截、数据外发管控等）——靠"看代码"的静态扫描判断不了，需把 ShellWard 接入你的 AI 应用（<code>npx shellward mcp</code> 或插件）作为运行时防护后才能验证，或人工核验。每项后面是"该做什么"。`,
+      `<b>⚪ Review ≠ non-compliant.</b> The ${report.manual} items below are <b>runtime controls</b> a static scan cannot verify — deploy ShellWard as a runtime guard (<code>npx shellward mcp</code> / plugin) to validate them. Each row shows the remediation.`)}</div>`)
+  }
   const grouped = groupBy(report.results)
   for (const reg of REG_ORDER) {
     const items = grouped[reg]
@@ -198,6 +205,7 @@ export function renderHtmlReport(
 <style>${CSS}</style>
 </head>
 <body>
+${meta.backLink ? `<div class="backbar"><a href="${esc(meta.backLink)}">← ${t('返回 / 再扫一个', 'Back / scan another')}</a></div>` : ''}
 <main>
   <header>
     <div class="brand">🛡️ Shell<span>Ward</span> <em>${t('合规网关', 'Compliance Gateway')}</em></div>
@@ -258,6 +266,10 @@ const CSS = `
 body{margin:0;background:var(--bg);color:var(--ink);
   font:15px/1.65 -apple-system,BlinkMacSystemFont,"Segoe UI","PingFang SC","Microsoft YaHei",sans-serif;
   -webkit-font-smoothing:antialiased}
+.backbar{position:sticky;top:0;z-index:9;background:#0f172a;padding:10px 24px}
+.backbar a{color:#fff;font-weight:600;font-size:14px;text-decoration:none}
+.backbar a:hover{color:#fca5a5}
+@media print{.backbar{display:none}}
 main{max-width:880px;margin:28px auto;background:var(--card);border-radius:16px;
   box-shadow:0 1px 3px rgba(15,23,42,.06),0 12px 32px rgba(15,23,42,.07);overflow:hidden}
 header{padding:30px 36px 22px;background:linear-gradient(180deg,#fafbfd,#fff);border-bottom:1px solid var(--line)}
@@ -349,6 +361,9 @@ table.tbl td.right{width:64px}
 .mtag.mid{background:var(--warn-bg);color:var(--warn)}
 .note{margin:8px 36px 4px;font-size:12.5px;color:var(--muted);background:#f8fafc;
   border-left:3px solid var(--brand);padding:10px 14px;border-radius:0 8px 8px 0}
+.manual-note{margin:8px 36px 12px;font-size:13px;color:#475569;background:#eff6ff;
+  border-left:3px solid #3b82f6;line-height:1.6}
+.manual-note code{background:#dbeafe;padding:1px 6px;border-radius:5px}
 /* 法规分组 */
 .reg{margin:14px 36px;padding:0;border:1px solid var(--line);border-radius:12px;overflow:hidden}

package/src/compliance/report.ts CHANGED Viewed

@@ -93,6 +93,12 @@ export function renderComplianceReport(report: ComplianceReport, locale: 'zh' |
   // ===== 按法规分组明细 =====
   L.push(zh ? '## 分项明细' : '## Detailed Results')
   L.push('')
+  if (report.staticScan && report.manual > 0) {
+    L.push(zh
+      ? `> **⚪ 待核验 ≠ 不合规。** 下方 ${report.manual} 项是**运行时合规控制**（审计留存、内容过滤、注入拦截、数据外发管控等），静态扫描（看代码）判断不了，需把 ShellWard 接入你的 AI 应用（\`npx shellward mcp\` 或插件）作为运行时防护后验证，或人工核验。`
+      : `> **⚪ Review ≠ non-compliant.** The ${report.manual} items below are runtime controls a static scan cannot verify — deploy ShellWard as a runtime guard to validate.`)
+    L.push('')
+  }
   const grouped = groupByRegulation(report.results)
   for (const reg of REGULATION_ORDER) {

package/src/web/scan-server.ts CHANGED Viewed

@@ -113,7 +113,7 @@ async function handleRepo(res: any, repo: string, locale: 'zh' | 'en', inc: () =
   try {
     await cloneRepo(v.url, dir)
     const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, dir)
-    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: v.url }))
+    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: v.url, backLink: '/' }))
   } catch (e: any) {
     const msg = esc(e?.message || String(e))
     send(res, 502, 'text/html', errorPage(
@@ -133,7 +133,7 @@ async function handleLocal(res: any, path: string, locale: 'zh' | 'en', inc: ()
   inc()
   try {
     const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, root)
-    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root }))
+    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root, backLink: '/' }))
   } finally {
     dec()
   }
@@ -176,7 +176,7 @@ async function handleUpload(req: any, res: any, locale: 'zh' | 'en', inc: () =>
     }
     const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, dir)
     const rootName = typeof payload.root === 'string' && payload.root ? payload.root : '(uploaded folder)'
-    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: rootName }))
+    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: rootName, backLink: '/' }))
   } catch (e: any) {
     send(res, 500, 'text/html', errorPage('扫描失败：' + esc(e?.message || String(e))))
   } finally {
@@ -226,7 +226,7 @@ function handleDemo(res: any, locale: 'zh' | 'en', inc: () => void, dec: () => v
     writeFileSync(join(dir, '.env'),
       'AWS_ACCESS_KEY=AKIARZ9MKP2QWLS7YV3N\nDB_PASSWORD=Sup3rS3cretProdPwd2026\n')
     const { report, scan } = runProjectComplianceAudit(DEFAULT_CONFIG, dir)
-    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: '示例项目（含风险）/ demo-ai-app' }))
+    send(res, 200, 'text/html', renderHtmlReport(report, scan, locale, { root: '示例项目（含风险）/ demo-ai-app', backLink: '/' }))
   } catch (e: any) {
     send(res, 500, 'text/html', errorPage('演示失败：' + esc(e?.message || String(e))))
   } finally {
@@ -261,34 +261,44 @@ function send(res: any, code: number, type: string, body: string) {
 function formPage(local: boolean): string {
   const urlForm = `
       <form action="/scan" method="get" onsubmit="var b=this.querySelector('button');b.disabled=true;b.textContent='扫描中…（大仓库需 10–60 秒，请勿重复点击）';">
-        <label>${local ? '② ' : ''}公开仓库地址</label>
+        <label>${local ? '③ ' : ''}公开仓库地址</label>
         <input name="repo" placeholder="https://github.com/owner/repo"${local ? '' : ' autofocus'}>
         <button type="submit">${local ? '体检该仓库 →' : '开始体检 →'}</button>
-        <p class="hint">仅支持公开仓库（GitHub / GitLab / Gitee / Bitbucket）。大仓库可能超时——${local ? '此时改用上方「选择文件夹」更稳。' : '<b>大仓库 / 私有代码请用本地客户端或 CLI</b>：<code>npx shellward web --local</code> / <code>npx shellward scan</code>（不上传）。'}</p>
+        <p class="hint">仅支持公开仓库（GitHub / GitLab / Gitee / Bitbucket）。大仓库可能超时——${local ? '此时用上方「上传文件夹」更稳。' : '<b>大仓库 / 私有代码请用本地客户端或 CLI</b>：<code>npx shellward web --local</code> / <code>npx shellward scan</code>（不上传）。'}</p>
       </form>`
-  const uploadForm = local ? `
-      <label>① 在本机点选项目文件夹（推荐 · 零上传）</label>
-      <div class="browser">
-        <div class="bpath" id="curpath">加载中…</div>
-        <ul class="dirs" id="dirs"></ul>
-      </div>
-      <button id="scanbtn" type="button">✅ 扫描当前文件夹 →</button>
-      <p class="hint">📂 在你电脑上点进项目目录，再点"扫描当前文件夹"。<b>服务端直接读取本机文件、零上传、不出本机</b>，自动跳过 node_modules，无需选 3 万个文件。</p>
+  // 本地模式：① 上传文件夹（一次选定，最方便）  ② 点选文件夹（零上传）  ③ URL
+  const localForms = local ? `
+      <form id="dirform">
+        <label>① 上传项目文件夹（最方便）</label>
+        <input type="file" id="dir" webkitdirectory directory multiple>
+        <button id="dbtn" type="submit">开始体检 →</button>
+        <div id="status" class="status"></div>
+        <p class="hint">选你的项目文件夹即可。<b>浏览器可能提示"上传 N 个文件"——放心：实际只发送源码/配置（自动跳过 node_modules、图片、超大文件），且只到<u>本机的本地服务</u>，不出本机。</b></p>
+      </form>
+      <details class="alt"><summary>不想上传？点选文件夹（零上传）</summary>
+        <label>② 在本机点选项目文件夹（零上传）</label>
+        <div class="browser">
+          <div class="bpath" id="curpath">加载中…</div>
+          <ul class="dirs" id="dirs"></ul>
+        </div>
+        <button id="scanbtn" type="button">✅ 扫描当前文件夹 →</button>
+        <p class="hint">服务端直接读取本机文件、零上传、不出本机，自动跳过 node_modules。</p>
+      </details>
       <div class="or">— 或 —</div>` : ''
   return page('ShellWard 合规体检', `
     <div class="hero">
       <div class="logo">🛡️ Shell<span>Ward</span> 合规网关</div>
       <h1>AI 应用合规体检</h1>
-      <p class="sub">${local ? '选项目文件夹或贴公开仓库链接' : '贴公开仓库链接'}，30 秒查出数据出境 / 硬编码密钥 / 个人信息暴露等中国合规红线。</p>
-      ${uploadForm}
+      <p class="sub">${local ? '上传/点选项目文件夹，或贴公开仓库链接' : '贴公开仓库链接'}，30 秒查出数据出境 / 硬编码密钥 / 个人信息暴露等中国合规红线。</p>
+      ${localForms}
       ${urlForm}
       <p class="demo">🤔 觉得"秒出"不真？ <a href="/demo">▶ 看一个含风险的示例报告</a>（同样秒出，但满屏发现 + 行号）</p>
       <p class="foot">网安法 2026 · PIPL · 等保2.0 · 数据出境 · AI标识 ｜ 零依赖 · 开源 ·
         <a href="https://github.com/jnMetaCode/shellward">GitHub ⭐</a></p>
     </div>
-    ${local ? BROWSE_SCRIPT : ''}`)
+    ${local ? UPLOAD_SCRIPT + BROWSE_SCRIPT : ''}`)
 }
 // 本地目录浏览器：点选文件夹 → 服务端直接扫（零上传，不读 node_modules）
@@ -382,6 +392,9 @@ form{margin:0 0 14px}.or{text-align:center;color:#94a3b8;font-size:13px;margin:6
 .status{display:none;margin:10px 0 0;padding:10px 14px;border-radius:8px;background:#f1f5f9;
 color:#334155;font-size:13.5px;border-left:3px solid #cb0000;text-align:left}
 .demo{margin:18px 0 0;font-size:13px;color:#475569}.demo a{font-weight:600}
+details.alt{margin:6px 0 10px;text-align:left}
+details.alt summary{cursor:pointer;color:#cb0000;font-size:13px;font-weight:600;padding:6px 0}
+details.alt[open] summary{margin-bottom:8px}
 .browser{border:1px solid #cbd5e1;border-radius:10px;overflow:hidden;margin:4px 0 10px;text-align:left}
 .bpath{background:#0f172a;color:#93c5fd;font-family:ui-monospace,Menlo,monospace;font-size:12px;
 padding:9px 12px;word-break:break-all}