
Commit 53aa965

ux(report): pending-verification items no longer repeat the long sentence on every row; explain once at the top of the section v0.7.9

- ⚪ pending-verification rows keep only the remediation advice instead of repeating "static scan cannot verify" on 12 rows
- The controls section now opens with one explanation: ⚪ pending verification ≠ non-compliant; these are runtime controls that must be deployed to be verified
- The HTML report gets a blue explanatory bar; terminal/markdown output synced
1 parent c496875 commit 53aa965

5 files changed

Lines changed: 27 additions & 6 deletions


CHANGELOG.md

Lines changed: 8 additions & 0 deletions
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/),
66
and this project adheres to [Semantic Versioning](https://semver.org/).
77

8+
## [0.7.9] - 2026-06-20
9+
10+
### Changed — 「待确认」不再啰嗦/吓人
11+
- 静态扫描的 ⚪ 待核验项**不再每行重复**"ShellWard 运行时可提供…静态扫描无法验证"长句(此前 12 行同一句)
12+
- 改为在「合规控制项明细」区块**开头统一说明一次****⚪ 待核验 ≠ 不合规**,它们是运行时合规控制(审计留存/内容过滤/注入拦截/数据外发管控),静态扫描判断不了,需部署 ShellWard 运行时或人工核验
13+
- 每个 ⚪ 行只保留"该做什么"(整改建议),更清爽
14+
- HTML 报告加蓝色说明条;终端/markdown 同步
15+
816
## [0.7.8] - 2026-06-20
917

1018
### Changed — 本地客户端改用「目录浏览器」,彻底解决上传 3 万文件的问题
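Review bot: in the second bullet of the 0.7.9 entry the two bold spans are run together as `**开头统一说明一次****⚪ 待核验 ≠ 不合规**`; the `****` run between them is ambiguous to Markdown renderers and is likely to come out as literal asterisks. Separate the spans, e.g. `**开头统一说明一次**:**⚪ 待核验 ≠ 不合规**`, or make the second phrase part of the first bold span.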

package.json

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
{
22
"name": "shellward",
3-
"version": "0.7.8",
3+
"version": "0.7.9",
44
"mcpName": "io.github.jnMetaCode/shellward",
55
"description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
66
"keywords": [

src/compliance/audit.ts

Lines changed: 3 additions & 4 deletions
@@ -212,11 +212,10 @@ function computeProjectPenalty(scan: ProjectScanResult): number {
212212
}
213213

214214
function checkControl(c: ComplianceControl, config: ShellWardConfig, env: EnvFacts, deployed: boolean): ControlResult {
215-
// 静态扫描(未部署运行时)下,能力层/审计日志类控制项无法验证 —— 标为顾问态,绝不虚报"已合规"
215+
// 静态扫描(未部署运行时)下,能力层/审计日志类控制项无法验证 —— 标为顾问态,绝不虚报"已合规"。
216+
// 「为何待核验」统一在报告区块开头说一次;这里每行只留"该做什么",避免 12 行重复同一句。
216217
if (!deployed && (c.method === 'capability' || c.method === 'config' || c.method === 'audit')) {
217-
return mk(c, 'manual',
218-
`ShellWard 运行时可提供此防护;当前为静态扫描、未部署,无法验证。整改:${c.remediation_zh}`,
219-
`Provided by ShellWard runtime; not verifiable in a static scan. ${c.remediation_en}`)
218+
return mk(c, 'manual', c.remediation_zh, c.remediation_en)
220219
}
221220
switch (c.method) {
222221
case 'capability': return checkCapability(c, config)
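Review bot: with the reason text dropped from `mk(c, 'manual', c.remediation_zh, c.remediation_en)`, the `ControlResult` no longer records why the control is `manual`; the "not verifiable in a static scan" explanation now exists only in the two renderers touched by this commit. Any other consumer of the results (a JSON export, a CI summary, another renderer) will show a bare remediation string beside a `manual` status with no context. Consider keeping a short machine-readable reason on the result (for example a `reason` field set when `!deployed` takes this branch) so each renderer decides how to present it instead of the information being lost here. The updated comment above the `if` describes the intent accurately.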

src/compliance/html-report.ts

Lines changed: 9 additions & 1 deletion
@@ -164,7 +164,12 @@ export function renderHtmlReport(
164164

165165
// ===== 控制项明细 =====
166166
S.push(sectionHead('📋', t('合规控制项明细', 'Compliance Controls'),
167-
t('按法规分组;⚪ 项为运行时/人工核验', 'By regulation; ⚪ = runtime / manual review')))
167+
t('按法规分组', 'By regulation')))
168+
if (report.staticScan && report.manual > 0) {
169+
S.push(`<div class="note manual-note">${t(
170+
`<b>⚪ 待核验 ≠ 不合规。</b> 下方 ${report.manual} 项是<b>运行时合规控制</b>(审计留存、内容过滤、注入拦截、数据外发管控等)——靠"看代码"的静态扫描判断不了,需把 ShellWard 接入你的 AI 应用(<code>npx shellward mcp</code> 或插件)作为运行时防护后才能验证,或人工核验。每项后面是"该做什么"。`,
171+
`<b>⚪ Review ≠ non-compliant.</b> The ${report.manual} items below are <b>runtime controls</b> a static scan cannot verify — deploy ShellWard as a runtime guard (<code>npx shellward mcp</code> / plugin) to validate them. Each row shows the remediation.`)}</div>`)
172+
}
168173
const grouped = groupBy(report.results)
169174
for (const reg of REG_ORDER) {
170175
const items = grouped[reg]
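Review bot: the section header loses its unconditional legend (`⚪ 项为运行时/人工核验` / `⚪ = runtime / manual review`), while the replacement `.manual-note` is only emitted when `report.staticScan && report.manual > 0`. In a deployed (non-static) scan that still has `manual` rows, the ⚪ marker is now never explained anywhere in the HTML report. Either keep a one-line legend in the header or drop the `report.staticScan` condition and vary the note text for the deployed case.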
@@ -349,6 +354,9 @@ table.tbl td.right{width:64px}
349354
.mtag.mid{background:var(--warn-bg);color:var(--warn)}
350355
.note{margin:8px 36px 4px;font-size:12.5px;color:var(--muted);background:#f8fafc;
351356
border-left:3px solid var(--brand);padding:10px 14px;border-radius:0 8px 8px 0}
357+
.manual-note{margin:8px 36px 12px;font-size:13px;color:#475569;background:#eff6ff;
358+
border-left:3px solid #3b82f6;line-height:1.6}
359+
.manual-note code{background:#dbeafe;padding:1px 6px;border-radius:5px}
352360
353361
/* 法规分组 */
354362
.reg{margin:14px 36px;padding:0;border:1px solid var(--line);border-radius:12px;overflow:hidden}
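Review bot: `.manual-note` hard-codes its colours (`#475569`, `#eff6ff`, `#3b82f6`, `#dbeafe`) while the `.note` rule it extends uses theme variables (`var(--muted)`, `var(--brand)`); if the sheet ever gets a dark or branded theme this block will not follow it, so define matching variables next to the existing ones and reference them here. The override also depends on `.manual-note` being declared after `.note` (equal specificity, last rule wins); a `.note.manual-note` selector would make that dependency explicit rather than relying on source order.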

src/compliance/report.ts

Lines changed: 6 additions & 0 deletions
@@ -93,6 +93,12 @@ export function renderComplianceReport(report: ComplianceReport, locale: 'zh' |
9393
// ===== 按法规分组明细 =====
9494
L.push(zh ? '## 分项明细' : '## Detailed Results')
9595
L.push('')
96+
if (report.staticScan && report.manual > 0) {
97+
L.push(zh
98+
? `> **⚪ 待核验 ≠ 不合规。** 下方 ${report.manual} 项是**运行时合规控制**(审计留存、内容过滤、注入拦截、数据外发管控等),静态扫描(看代码)判断不了,需把 ShellWard 接入你的 AI 应用(\`npx shellward mcp\` 或插件)作为运行时防护后验证,或人工核验。`
99+
: `> **⚪ Review ≠ non-compliant.** The ${report.manual} items below are runtime controls a static scan cannot verify — deploy ShellWard as a runtime guard to validate.`)
100+
L.push('')
101+
}
96102

97103
const grouped = groupByRegulation(report.results)
98104
for (const reg of REGULATION_ORDER) {
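Review bot: the two locale strings diverge: the zh note names the concrete deployment step (`npx shellward mcp` or the plugin) and the manual-verification alternative, whereas the en note only says "deploy ShellWard as a runtime guard to validate". English readers get less actionable guidance; mirror the zh wording. The same conditional concern as in the HTML report applies: the blockquote is only pushed when `report.staticScan` is true, so a deployed scan with `manual > 0` rows has no explanation of ⚪ in the markdown output.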

0 commit comments
