index.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Vulnerability Dashboard</title>
<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🪲</text></svg>'" />
<!-- ===== Global Styles ===== -->
<style>
:root {
  --bg-light: #f8f9fa;
  --text-light: #212529;
  --panel-light: #ffffff;
  --border-light: #dee2e6;
  --link-light: #0d6efd;
  --bg-dark: #121212;
  --text-dark: #e9ecef;
  --panel-dark: #1e1e1e;
  --border-dark: #343a40;
  --link-dark: #8ab4f8;
  --input-bg-dark: #2d2d2d;
  --input-text-dark: #e9ecef;
  --heat-bar: #0d6efd;
}
/* Base */
body {
  font-family: system-ui, -apple-system, "Segoe UI", Roboto, Arial, sans-serif;
  margin: 0;
  background: var(--bg-light);
  color: var(--text-light);
  line-height: 1.6;
}
body.dark {
  background: var(--bg-dark);
  color: var(--text-dark);
}
a {
  color: var(--link-light);
  text-decoration: none;
}
body.dark a { color: var(--link-dark); }
a:hover { text-decoration: underline; }
/* Top nav tabs */
nav {
  display: flex;
  justify-content: center;
  background: #444;
  color: white;
}
nav button {
  flex: 1;
  padding: 14px;
  font-size: 16px;
  color: white;
  background: #444;
  border: none;
  cursor: pointer;
  outline: none;
  transition: background 0.3s;
}
nav button.active { background: #0074d9; }
nav button:hover { background: #555; }
/* Tabs container limits show/hide scope */
.tabs > section { display: none; padding: 20px; }
.tabs > section.active { display: block; }
/* Mode Toggle Button (floating) */
.mode {
  position: fixed;
  top: 14px;
  right: 14px;
  padding: 8px 16px;
  font-size: 14px;
  color: #333;
  background: #ddd;
  border: 1px solid #ccc;
  border-radius: 5px;
  cursor: pointer;
  z-index: 1000;
}
body.dark .mode {
  background: #444;
  color: #f4f4f9;
  border-color: #666;
}
/* Dashboard 1 (CVE) Header */
header.cve-header {
  padding: 20px;
  background: inherit;
  border-bottom: 1px solid var(--border-light);
  display: flex;
  gap: 12px;
  align-items: center;
  flex-wrap: wrap;
  position: sticky;
  top: 0;
  z-index: 10;
}
body.dark header.cve-header { border-color: var(--border-dark); }
header.cve-header h1 {
  margin: 0;
  font-size: 22px;
  font-weight: 600;
  display: flex;
  align-items: center;
  gap: 12px;
}
header.cve-header h1::before {
  content: "";
  display: block;
  width: 36px;
  height: 36px;
  background: url('data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text y=%22.9em%22 font-size=%2290%22>🪲</text></svg>') center/cover no-repeat;
}
#cve {
  flex: 1;
  min-width: 300px;
  padding: 12px 16px;
  font-size: 16px;
  border: 1px solid var(--border-light);
  border-radius: 8px;
  background: var(--panel-light);
}
body.dark #cve {
  background: var(--input-bg-dark);
  border-color: var(--border-dark);
  color: var(--input-text-dark);
}
.btn {
  padding: 10px 18px;
  border: 1px solid var(--border-light);
  background: var(--panel-light);
  color: var(--text-light);
  border-radius: 8px;
  cursor: pointer;
  font-weight: 500;
}
body.dark .btn {
  background: var(--input-bg-dark);
  border-color: var(--border-dark);
  color: var(--text-dark);
}
/* Dashboard 1 Layout */
main.cve-main {
  padding: 24px;
  display: grid;
  grid-template-columns: 1fr 1fr 320px;
  grid-template-areas:
    "details details watch"
    "sources relevant vulncheck";
  gap: 20px;
}
@media (max-width:1400px) {
  main.cve-main {
    grid-template-columns: 1fr 1fr;
    grid-template-areas:
      "details details"
      "watch watch"
      "vulncheck vulncheck"
      "sources relevant";
  }
}
@media (max-width:1000px) {
  main.cve-main {
    grid-template-columns: 1fr;
    grid-template-areas:
      "details"
      "watch"
      "vulncheck"
      "sources"
      "relevant";
  }
}
#cveDetails { grid-area: details; }
#exploitationWatch { grid-area: watch; }
#vulncheckMonitor { grid-area: vulncheck; }
#notableSources { grid-area: sources; }
#relevantSearches { grid-area: relevant; }
/* Panels */
.panel {
  background: var(--panel-light);
  border: 1px solid var(--border-light);
  border-radius: 12px;
  overflow: hidden;
}
body.dark .panel {
  background: var(--panel-dark);
  border-color: var(--border-dark);
}
.panel > header {
  padding: 14px 18px;
  border-bottom: 1px solid var(--border-light);
  background: rgba(0,0,0,0.03);
}
body.dark .panel > header {
  border-color: var(--border-dark);
  background: rgba(255,255,255,0.03);
}
.panel > header h2 {
  margin: 0;
  font-size: 16px;
  font-weight: 600;
}
.content { padding: 16px 18px; }
.item {
  padding: 12px 0;
  border-bottom: 1px dashed var(--border-light);
}
body.dark .item { border-color: #444; }
.item:last-child { border: none; }
.title { font-weight: 600; margin-bottom: 6px; }
.meta { font-size: 14px; opacity: .9; }
/* Chips & badges */
.chip {
  display: inline-block;
  padding: 4px 10px;
  border-radius: 999px;
  font-size: 12px;
  font-weight: 700;
  color: white;
  margin-left: 8px;
}
.low{background:#2d7f3a;}
.medium{background:#b57f00;}
.high{background:#cc4a00;}
.critical{background:#a60000;}
.badge {
  display: inline-block;
  padding: 5px 10px;
  border-radius: 8px;
  font-size: 13px;
  font-weight: 600;
}
.yes{background:#d4edda;color:#155724;}
.no{background:#f8d7da;color:#721c24;}
body.dark .yes{background:#1e3f2a;color:#a7f3c0;}
body.dark .no{background:#4a1e20;color:#f5b5bb;}
/* Link row + Copy */
.link-row {
  margin:6px 0;
  display:flex;
  align-items:center;
  gap:8px;
}
.link-row a { word-break:break-all; }
.copy-link {
  font-size:12px;
  padding:4px 8px;
  border:1px solid var(--border-light);
  background: var(--panel-light);
  border-radius:4px;
  cursor:pointer;
}
body.dark .copy-link {
  border-color: var(--border-dark);
  background: var(--input-bg-dark);
  color: var(--text-dark);
}
/* EPSS/SSVC layout */
.metrics-row {
  display:flex;
  gap:16px;
  flex-wrap:wrap;
  align-items:flex-start;
  margin-top:12px;
}
.metrics-col { flex: 1 1 360px; min-width: 280px; }
.metrics-box {
  padding: 12px;
  background: rgba(13,110,253,0.1);
  border-radius: 8px;
  margin-top: 4px;
  font-size: 14px;
}
body.dark .metrics-box { background: rgba(13,110,253,0.2); }
.metrics-box .title {
  font-weight: 600;
  margin-bottom: 8px;
  color: #0d6efd;
}
.metrics-box table {
  width: 100%;
  border-collapse: collapse;
  background: transparent;
  color: inherit;
}
.metrics-box th, .metrics-box td {
  padding: 8px;
  text-align: left;
  border-bottom: 1px solid rgba(13,110,253,0.3);
}
.metrics-box th {
  font-weight: 600;
  color: #0d6efd;
}
/* Toast + Loading */
#toast {
  position:fixed;
  bottom:30px;
  left:50%;
  transform:translateX(-50%);
  background:#333;
  color:#fff;
  padding:12px 24px;
  border-radius:8px;
  display:none;
  z-index:1000;
}
#loading {
  position:fixed;
  top:0;
  left:0;
  width:100%;
  height:100%;
  background: rgba(0,0,0,0.7);
  color:#fff;
  font-size:24px;
  display:none;
  align-items:center;
  justify-content:center;
  z-index:1200;
}
/* Modal (Attack Visualizer) */
#attackModal {
  display:none;
  position:fixed;
  top:0;
  left:0;
  width:100%;
  height:100%;
  background: var(--bg-light);
  z-index:1100;
}
body.dark #attackModal { background: var(--bg-dark); }
#attackGraph { width:100%; height: calc(100% - 60px); }
#closeModal {
  position:absolute;
  top:10px;
  right:10px;
  z-index:1110;
}
.settings-content {
  background: var(--panel-light);
  padding:30px;
  border-radius:12px;
  width:90%;
  max-width:520px;
  color:inherit;
}
body.dark .settings-content { background: var(--panel-dark); }
.settings-content input, .settings-content textarea {
  width:100%;
  padding:10px;
  margin-top:6px;
  border-radius:6px;
  border:1px solid var(--border-light);
  background: var(--panel-light);
  color: var(--text-light);
}
body.dark .settings-content input, body.dark .settings-content textarea {
  background: var(--input-bg-dark);
  border-color: var(--border-dark);
  color: var(--input-text-dark);
}
.settings-content label {
  display:block;
  margin-bottom:16px;
  font-weight:600;
}
/* Prevalence modal */
#prevalenceModal {
  display:none;
  position:fixed;
  top:0;
  left:0;
  width:100%;
  height:100%;
  background: rgba(0,0,0,0.65);
  z-index:1250;
  align-items:center;
  justify-content:center;
  padding:20px;
}
.prev-content {
  background: var(--panel-light);
  color:inherit;
  border:1px solid var(--border-light);
  border-radius:12px;
  max-width:920px;
  width:95%;
  max-height:85vh;
  overflow:auto;
  padding:20px 24px;
}
body.dark .prev-content {
  background: var(--panel-dark);
  border-color: var(--border-dark);
}
.prev-header {
  display:flex;
  justify-content:space-between;
  align-items:center;
  margin-bottom:12px;
}
/* Dark mode fix for AI Analysis modal */
body.dark #analysisModal > div {
  background: var(--panel-dark);
  color: var(--text-dark);
  border-color: var(--border-dark);
}
body.dark #analysisBody {
  background: var(--input-bg-dark);
  color: var(--input-text-dark);
  border-color: var(--border-dark);
}
body.dark #analysisStatus {
  color: var(--text-dark);
}
/* Dark mode fix for AI Analysis modal outer container */
body.dark #analysisModal > div {
  background: var(--panel-dark);
  color: var(--text-dark);
  border-color: var(--border-dark);
}
/* Ensure headings and buttons inside modal adapt */
body.dark #analysisModal h3 {
  color: var(--text-dark);
}
body.dark #analysisModal .btn {
  background: var(--input-bg-dark);
  color: var(--text-dark);
  border-color: var(--border-dark);
}
/* Analysis body box (where text streams) */
body.dark #analysisBody {
  background: var(--input-bg-dark);
  color: var(--input-text-dark);
  border-color: var(--border-dark);
}
/* Dashboard 2 (Feeds) */
.feeds-header { text-align:center; }
.feed-container { display:flex; flex-wrap:wrap; gap:1rem; justify-content:center; }
.feed {
  background-color: white;
  border: 1px solid #ddd;
  border-radius: 8px;
  box-shadow: 0 2px 4px rgba(0,0,0,0.1);
  padding: 15px;
  width: 300px;
}
body.dark .feed {
  background-color: #2e2e50;
  border-color: #444;
  box-shadow: none;
}
.feed h2 { font-size: 18px; color: inherit; margin-bottom: 5px; }
.feed ul { list-style:none; padding:0; margin:0; }
.feed ul li { margin-bottom:10px; }
.feed ul li a { color: #0074d9; text-decoration: none; }
body.dark .feed ul li a { color: #5caeff; }
/* Watcher notify panel */
#watcherNotify {
  position: fixed;
  bottom: 24px;
  right: 24px;
  max-width: 520px;
  z-index: 1400;
  display: none;
}
/* Dark mode fix for Watcher textarea placeholder */
body.dark #watcherList::placeholder { color: #bbb; }
/* Force dark mode for AI Analysis modal outer container */
body.dark #analysisModal > div {
  background: var(--panel-dark) !important;
  color: var(--text-dark) !important;
  border-color: var(--border-dark) !important;
}
/* Exploitation Watcher Scrollbar */
#watchContent {
  max-height: 320px;
  overflow-y: auto;
  border-radius: 6px;
  padding: 12px;
  background: #fafafa;
}
body.dark #watchContent {
  background: #1e1e1e;
}
#watchContent::-webkit-scrollbar {
  width: 8px;
}
#watchContent::-webkit-scrollbar-thumb {
  background: #aaa;
  border-radius: 4px;
}
body.dark #watchContent::-webkit-scrollbar-thumb {
  background: #666;
}
</style>
</head>
<body class="light">
<button class="mode" onclick="toggleMode()">Dark Mode</button>
<nav>
  <button onclick="switchTab(0)" class="active">CVE Dashboard</button>
  <button onclick="switchTab(1)">CyberWatch Dashboard</button>
</nav>
<div class="tabs">
  <section id="tab1" class="active">
    <header class="cve-header">
      <h1>Vulnerability Analysis Dashboard</h1>
      <input id="cve" type="text" placeholder="Enter CVE (e.g., CVE-2021-44228) or Vendor/Product" />
      <button id="go" class="btn">Run</button>
      <button id="clearCve" class="btn">Clear</button>
      <button id="aiAnalysis" class="btn">AI Analysis</button>
    </header>
    <main class="cve-main">
      <!-- panels unchanged -->
      <div id="cveDetails" class="panel"><header><h2>CVE Details &amp; Exploitation Signals</h2></header><div class="content" id="cveContent"><div class="meta">Enter a CVE or Vendor/Product and click Run.</div></div></div>
      <div id="exploitationWatch" class="panel"><header><h2>CVE &amp; Exploitation Watcher</h2></header><div class="content" id="watchContent"><div class="meta">Loading feeds…</div></div></div>
      <div id="vulncheckMonitor" class="panel"><header><h2>Recent VulnCheck KEV (last 10 days)</h2></header><div class="content" id="vulncheckContent"><div class="meta">Loading...</div></div></div>
      <div id="notableSources" class="panel"><header><h2>Notable Sources &amp; References</h2></header><div class="content" id="sourcesContent"><div class="meta">Will appear after running a CVE.</div></div></div>
      <div id="relevantSearches" class="panel"><header><h2>Relevant Searches &amp; Monitoring</h2></header><div class="content" id="searchLinks"><div class="meta">Enter a term above and click Run to populate links.</div></div></div>
    </main>
    <div id="toast"></div>
    <div id="loading">Loading data...</div>
    <!-- Attack Visualizer Modal -->
    <div id="attackModal"><div class="prev-content"><div id="attackGraph"></div><button id="closeModal" class="btn">Close Visualizer</button></div></div>
    <!-- Prevalence Modal -->
    <div id="prevalenceModal"><div class="prev-content"><div class="prev-header"><h3 id="prevTitle">Prevalence</h3><button class="btn" onclick="document.getElementById('prevalenceModal').style.display='none'">Close</button></div><div id="prevBody"></div></div></div>
    <!-- AI Analysis Results Modal -->
    <div id="analysisModal" role="dialog" aria-modal="true" aria-labelledby="analysisTitle" style="display:none; position:fixed; inset:0; background: rgba(0,0,0,0.6); z-index:1450; align-items:center; justify-content:center;">
      <div style="background: var(--panel-light); color: inherit; border:1px solid var(--border-light); border-radius:12px; width:92%; max-width:860px; max-height:85vh; overflow:auto; padding:18px;">
        <h3 id="analysisTitle" style="margin-top:0">AI Analysis</h3>
        <div id="analysisStatus" class="meta" style="margin-bottom:12px">Preparing analysis…</div>
        <div id="analysisBody" style="white-space:pre-wrap; font-family: ui-sans-serif, system-ui, Segoe UI, Roboto, Arial; border:1px solid var(--border-light); border-radius:8px; padding:12px; min-height:160px;"></div>
        <div style="display:flex; gap:12px; margin-top:12px; flex-wrap:wrap;">
          <button id="analysisCopy" class="btn">Copy</button>
          <button id="analysisSave" class="btn">Download .md</button>
          <button id="analysisCancel" class="btn">Cancel</button>
          <button id="analysisClose" class="btn">Close</button>
        </div>
      </div>
    </div>
  </section>
  <section id="tab2">
    <div class="feeds-header">
      <h1>Live Cybersecurity Exploits Monitor</h1>
      <div style="margin: 12px 0;"><button class="btn" onclick="displayFeeds()">Refresh Feeds</button></div>
    </div>
    <div id="feed-container" class="feed-container"></div>
  </section>
</div>
<script>
/* ---------- Origins & Endpoints ---------- */
const IS_FILE_ORIGIN = location.protocol === 'file:';
/* ---------- UI Utilities ---------- */
function toast(msg) {
  const t = document.getElementById("toast");
  t.textContent = msg;
  t.style.display = "block";
  setTimeout(() => t.style.display = "none", 3000);
}
function linkRow(url, label) {
  const safeLabel = label || url;
  // Return an <a> tag with a proper `href`
  return `
    <a href="${url}" target="_blank" rel="noopener noreferrer">${safeLabel}</a>
  `;
}
function toggleMode() {
  document.body.classList.toggle('dark');
  const modeBtn = document.querySelector(".mode");
  if (modeBtn) modeBtn.textContent = document.body.classList.contains("dark") ? "Light Mode" : "Dark Mode";
  const themeBtn = document.getElementById("theme");
  if (themeBtn) themeBtn.textContent = document.body.classList.contains("dark") ? "Light Mode" : "Dark Mode";
  localStorage.setItem("theme", document.body.classList.contains("dark") ? "dark" : "light");
}
function initTheme() {
  const saved = localStorage.getItem("theme");
  if (saved === "dark") {
    document.body.classList.add("dark");
    const modeBtn = document.querySelector(".mode"); if (modeBtn) modeBtn.textContent = "Light Mode";
    const themeBtn = document.getElementById("theme"); if (themeBtn) themeBtn.textContent = "Light Mode";
  }
  document.getElementById("theme")?.addEventListener("click", toggleMode);
}
/* ---------- CWE Builder ---------- */
function buildCweHtml(cveJson, nvdJson) {
  const rows = [];
  const cna = cveJson?.containers?.cna;
  const cnaAssigner = cna?.providerMetadata?.shortName || 'CNA';
  const cnaPts = Array.isArray(cna?.problemTypes) ? cna.problemTypes : [];
  cnaPts.forEach(pt => { (pt.descriptions || []).forEach(d => { rows.push({ source: cnaAssigner, cweId: d?.cweId || d?.id || null, description: d?.description || d?.value || '' }); }); });
  const adps = Array.isArray(cveJson?.containers?.adp) ? cveJson.containers.adp : [];
  adps.forEach(p => {
    const src = p?.providerMetadata?.shortName || 'ADP';
    const pts = Array.isArray(p?.problemTypes) ? p.problemTypes : [];
    pts.forEach(pt => { (pt.descriptions || []).forEach(d => { rows.push({ source: src, cweId: d?.cweId || d?.id || null, description: d?.description || d?.value || '' }); }); });
  });
  const nvdCve = nvdJson?.vulnerabilities?.[0]?.cve;
  const weaknesses = Array.isArray(nvdCve?.weaknesses) ? nvdCve.weaknesses : [];
  weaknesses.forEach(w => {
    const src = 'NVD - NIST';
    const descs = w?.description || w?.descriptions || [];
    (descs || []).forEach(d => {
      const text = d?.value || d?.description || '';
      const idMatch = text?.match(/\bCWE-\d{1,5}\b/);
      rows.push({ source: src, cweId: idMatch ? idMatch[0] : (w?.type || null), description: text });
    });
  });
  const seen = new Set();
  const uniq = rows.filter(r => { const key = `${r.source}|${r.cweId || ''}|${r.description || ''}`; if (seen.has(key)) return false; seen.add(key); return true; });
  if (!uniq.length) return '<div class="meta">No CWE data available.</div>';
  return uniq.map(r => `<div class="item"><div class="title">CWE ID: ${r.cweId || 'Unknown'} - ${r.description || 'No Description'}</div><div class="meta">Assigner: ${r.source}</div></div>`).join('');
}
/* ---------- Prompt Builder ---------- */
let __lastAnalysisContext = null;
let __lastVulncheckRecent = [];
function buildAnalysisPrompt(ctx) {
  if (!ctx) {
    return [
      'You are a security analyst. Provide a concise, technically rigorous vulnerability analysis.',
      '',
      'Deliverables:',
      '1) Executive summary.',
      '2) Root cause & vulnerable components/conditions.',
      '3) Exploitability (pre-/post-auth, network exposure).',
      '4) Impact & blast radius; relevant MITRE ATT&CK techniques.',
      '5) Detection ideas (logs, artifacts, controls).',
      '6) Mitigation/patch priorities & safe workarounds.',
      '7) Risk scoring rationale (tie to KEV/EPSS/CVSS).',
      '',
      'State unknowns explicitly; do not guess.'
    ].join('\n');
  }
  const { input, isCVE, cnaName, description, kevYes, ransomwareTag, epss, cvss = [], cwes = [], referencesGrouped = [] } = ctx;
  const cvssLines = cvss.length ? cvss.map(m => `- CVSS v${m.version}: ${m.score} (${m.source})${m.vector ? ` | ${m.vector}` : ''}`).join('\n') : '- CVSS: (none)';
  const cweLines = cwes.length ? cwes.map(c => `- ${c.id || 'Unknown'} — ${c.desc || 'No description'} (Assigner: ${c.assigner || 'Unknown'})`).join('\n') : '- CWE: (none)';
  const refLines = referencesGrouped.length ? referencesGrouped.map(g => { const links = (g.links || []).slice(0, 4).map(r => ` • ${r.name || r.url}: ${r.url}`).join('\n'); return `- ${g.host}\n${links}`; }).join('\n') : '- References: (none)';
  const epssLine = (epss && typeof epss.score === 'number') ? `EPSS: ${epss.score.toFixed(4)} (~${(epss.score * 100).toFixed(2)}% 30-day), Percentile: ${(epss.percentile * 100).toFixed(1)}%` : `EPSS: (no data)`;
  const kevLine = kevYes ? `CISA KEV: Yes (Ransomware: ${String(ransomwareTag || 'Unknown')})` : `CISA KEV: No`;
  return [
    `Provide a concise, technically rigorous analysis for ${isCVE ? 'CVE' : 'product'}: ${input}.`,
    ``,
    `Context from dashboard:`,
    `CNA: ${cnaName || 'Unknown'}`,
    `Description: ${description || 'No description found'}`,
    `${kevLine}`,
    `${epssLine}`,
    ``,
    `CVSS metrics:`,
    `${cvssLines}`,
    ``,
    `CWE(s):`,
    `${cweLines}`,
    ``,
    `References (top sources):`,
    `${refLines}`,
    ``,
    `Deliverables:`,
    `1) Executive summary.`,
    `2) Root cause & vulnerable components/conditions.`,
    `3) Exploitability (pre-/post-auth, network exposure).`,
    `4) Impact & blast radius; key ATT&CK techniques.`,
    `5) Detection ideas (logs, artifacts, controls).`,
    `6) Mitigation/patch priorities & safe workarounds.`,
    `7) Risk scoring rationale (tie to KEV/EPSS/CVSS).`,
    ``,
    `State unknowns explicitly; do not guess.`
  ].join('\n');
}
/* ---------- Static Analysis ---------- */
function generateStaticAnalysis(ctx) {
  const { input, isCVE, cnaName, description, kevYes, ransomwareTag, epss, cvss = [], cwes = [] } = ctx || {};
  const cvssText = cvss.length ? cvss.map(m => `- **CVSS v${m.version}**: ${m.score} _(source: ${m.source}; vector: ${m.vector || 'N/A'})_`).join('\n') : '- **CVSS**: No metrics available';
  const cweText = cwes.length ? cwes.map(c => `- **${c.id || 'Unknown'}** — ${c.desc || 'No description'} _(Assigner: ${c.assigner || 'Unknown'})_`).join('\n') : '- **CWE**: No data';
  const epssText = epss ? `- **EPSS**: ${epss.score?.toFixed(4)} (~${(epss.score * 100).toFixed(2)}% 30-day) — Percentile ${(epss.percentile * 100).toFixed(1)}%` : '- **EPSS**: No data';
  const kevText = kevYes ? `- **CISA KEV**: Yes${String(ransomwareTag).toLowerCase() === 'known' ? ' (Known ransomware campaign use)' : ''}` : '- **CISA KEV**: No';
  return [
    `# ${isCVE ? input : `Analysis: ${input}`}`,
    ``,
    `## Executive Summary`,
    `${description || 'No CNA description available.'}`,
    ``,
    `## Root Cause & Vulnerable Components`,
    `- Derived from CNA/ADP/NVD records. (If not explicitly stated in the record, root cause details remain **unknown**.)`,
    `${cweText}`,
    ``,
    `## Exploitability`,
    `- Authentication requirements: **unknown**`,
    `- Network exposure: **unknown** (review service exposure, ingress rules, and public endpoints)`,
    `- PoC/weaponization: Consult Exploit-DB, PacketStorm, GitHub code searches in *Relevant Searches* panel.`,
    ``,
    `## Impact & Blast Radius`,
    `- Impact level per CVSS:`,
    `${cvssText}`,
    `- Key ATT&CK techniques: **Txxx (unknown)** — map actual artifacts from detections once logs are available.`,
    ``,
    `## Detection Ideas`,
    `- Review application/server logs around suspected vulnerable components.`,
    `- Look for anomalous inputs aligned to CWE patterns (e.g., injection, deserialization).`,
    `- Enable verbose logging/telemetry for exposed services; monitor for IOCs from advisories.`,
    ``,
    `## Mitigation & Patch Priorities`,
    `- Apply vendor patches or mitigations referenced in CNA/NVD links.`,
    `- If patch unavailable: implement temporary compensating controls (WAF rules, service isolation).`,
    `- Prioritize based on KEV/EPSS:`,
    `${kevText}`,
    `${epssText}`,
    ``,
    `## Risk Scoring Rationale`,
    `- Based on the presence/absence of KEV, EPSS percentile, and CVSS base score.`,
    `- Adjust per asset exposure, business criticality, and observed exploitation in your environment.`,
    ``,
    `> Generated via static analysis mode (no external AI calls).`
  ].join('\n');
}
/* ---------- AI Analysis (Edge → Gemini → Enterprise → Static) ---------- */
let __aiSession = null;
let __aiAbort = null;
function openAnalysisModal() { const m = document.getElementById('analysisModal'); const b = document.getElementById('analysisBody'); const s = document.getElementById('analysisStatus'); if (!m || !b || !s) return; b.textContent = ''; s.textContent = 'Preparing analysis…'; m.style.display = 'flex'; }
function closeAnalysisModal() { const m = document.getElementById('analysisModal'); if (m) m.style.display = 'none'; cancelAnalysis(); }
function cancelAnalysis() { try { if (__aiAbort) { __aiAbort.abort(); __aiAbort = null; } if (__aiSession?.destroy) { __aiSession.destroy(); } } catch {} __aiSession = null; }
function downloadAnalysis() { const text = document.getElementById('analysisBody')?.textContent || ''; const blob = new Blob([text], { type: 'text/markdown;charset=utf-8' }); const a = document.createElement('a'); a.href = URL.createObjectURL(blob); a.download = 'analysis.md'; a.click(); URL.revokeObjectURL(a.href); }
async function runLocalAnalysis(prompt) {
  const body = document.getElementById('analysisBody'); const status = document.getElementById('analysisStatus');
  if (!('ai' in window) || !window.ai?.createTextSession) { throw new Error('Edge Prompt API unavailable'); }
  __aiSession = await window.ai.createTextSession({ systemPrompt: 'You are a security analyst. Be concise, technical, and explicitly note unknowns.', temperature: 0.2, topK: 40 });
  status.textContent = 'Generating locally (Edge)…';
  const supportsStreaming = !!__aiSession.promptStreaming;
  __aiAbort = new AbortController();
  if (supportsStreaming) { for await (const chunk of __aiSession.promptStreaming(prompt, { signal: __aiAbort.signal })) { body.textContent += chunk; } }
  else { body.textContent = await __aiSession.prompt(prompt); }
  status.textContent = 'Complete';
}
async function runAiAnalysis() {
  try {
    openAnalysisModal();
    const inputField = document.getElementById('cve')?.value || '';
    const ctx = __lastAnalysisContext || {
      input: inputField || 'unknown target',
      isCVE: /^CVE-\d{4}-\d{4,}$/i.test(inputField),
      cnaName: null,
      description: 'No description available yet',
      kevYes: false,
      ransomwareTag: 'Unknown',
      epss: null,
      cvss: [],
      cwes: [],
      referencesGrouped: []
    };
    const prompt = buildAnalysisPrompt(ctx);

    const body = document.getElementById('analysisBody');
    const status = document.getElementById('analysisStatus');

    // Only attempt browser-native window.ai (Edge/Copilot)
    if ('ai' in window && window.ai?.createTextSession) {
      try {
        status.textContent = 'Generating locally (browser AI)...';
        const session = await window.ai.createTextSession({
          systemPrompt: 'You are a security analyst. Be concise, technical, and explicitly note unknowns.',
          temperature: 0.2,
          topK: 40
        });

        const supportsStreaming = !!session.promptStreaming;
        if (supportsStreaming) {
          body.textContent = '';
          for await (const chunk of session.promptStreaming(prompt)) {
            body.textContent += chunk;
          }
        } else {
          body.textContent = await session.prompt(prompt);
        }
        status.textContent = 'Complete (local browser AI)';
        return;
      } catch (aiErr) {
        console.warn('Browser AI failed:', aiErr);
      }
    }

    // Fallback: static analysis
    body.textContent = generateStaticAnalysis(ctx);
    status.textContent = 'Static analysis (browser AI not available)';
  } catch (e) {
    console.error('AI Analysis error:', e);
    const status = document.getElementById('analysisStatus');
    const body = document.getElementById('analysisBody');
    if (status) status.textContent = 'Failed';
    if (body) body.textContent = `Error: ${e.message || 'Unexpected error'}`;
    toast('Analysis failed. Browser AI may not be supported in this browser.');
  }
}
function initInlineAnalysis() {
  const btn = document.getElementById('aiAnalysis'); const copyBtn = document.getElementById('analysisCopy');
  const saveBtn = document.getElementById('analysisSave'); const cancelBtn= document.getElementById('analysisCancel');
  const closeBtn = document.getElementById('analysisClose'); const modal = document.getElementById('analysisModal');
  if (btn) btn.onclick = runAiAnalysis;
  copyBtn?.addEventListener('click', async () => { try { const text = document.getElementById('analysisBody')?.textContent || ''; await navigator.clipboard.writeText(text); toast('Analysis copied to clipboard'); } catch { toast('Copy failed — select and press Ctrl+C'); } });
  saveBtn?.addEventListener('click', downloadAnalysis);
  cancelBtn?.addEventListener('click', () => { cancelAnalysis(); toast('Analysis cancelled'); });
  closeBtn?.addEventListener('click', closeAnalysisModal);
  modal?.addEventListener('click', (e) => { if (e.target.id === 'analysisModal') closeAnalysisModal(); });
}
/* ---------- VulnCheck ---------- */
async function loadVulnCheck() {
  try {
    const res = await fetch('https://jakewarren.github.io/vulncheck-kev-rss/rss.xml');
    const text = await res.text(); const doc = new DOMParser().parseFromString(text, 'application/xml'); const items = doc.querySelectorAll('item');
    const now = Date.now(); let html = ""; __lastVulncheckRecent = [];
    items.forEach(item => {
      const pubDate = new Date(item.querySelector('pubDate')?.textContent || 0).getTime();
      if ((now - pubDate) < 10 * 24 * 60 * 60 * 1000) {
        const title = item.querySelector('title')?.textContent || ''; const link = item.querySelector('link')?.textContent || '#';
        const cveMatch = title.match(/CVE-\d{4}-\d{4,}/); const cve = cveMatch ? cveMatch[0] : 'Unknown CVE';
        const product = title.replace(cve, '').replace(/^\s*-\s*/, '').replace(/\s*Vulnerability.*$/i, '').trim() || 'Unknown Product';
        html += `<div class="item"><div class="title">${linkRow(link, cve + ' - ' + product)}</div></div>`;
        if (cveMatch) __lastVulncheckRecent.push(cve);
      }
    });
    document.getElementById("vulncheckContent").innerHTML = html || '<div class="meta">No recent additions in last 10 days.</div>';
  } catch { document.getElementById("vulncheckContent").innerHTML = '<div class="meta">Failed to load VulnCheck data.</div>'; }
}
/* ---------- KEV ---------- */
const KEV_JSON_URLS = [
  'https://raw.githubusercontent.com/cisagov/kev-data/develop/known_exploited_vulnerabilities.json',
  'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'
];
let kevCache = { loaded:false, data:null, ts:0 };
async function loadKEV() {
  if (kevCache.loaded && kevCache.data && (Date.now() - kevCache.ts) < 60*60*1000) return kevCache.data;
  for (const url of KEV_JSON_URLS) {
    try { const res = await fetch(url, { cache:'no-store' }); if (!res.ok) continue; const json = await res.json(); kevCache.data = Array.isArray(json) ? json : (json.vulnerabilities || json); kevCache.loaded = true; kevCache.ts = Date.now(); return kevCache.data; } catch {}
  }
  throw new Error('Unable to load CISA KEV data');
}
async function getKevEntry(cveId) { const kev = await loadKEV(); const up = cveId.toUpperCase(); return kev.find(e => (e.cveID || e.cveId) === up) || null; }
/* ---------- SSVC helpers ---------- */
/* [unchanged helpers: normalizeSsvcValue, capFirst, extractSsvcDeep] */
function normalizeSsvcValue(val) { return (val || 'N/A').toLowerCase().replace(/^(active|none|proof-of-concept|sporadic)$/i, m => m.toLowerCase()); }
function capFirst(str) { return (str || '').charAt(0).toUpperCase() + str.slice(1); }
function extractSsvcDeep(obj) {
  const decisionPoints = { exploitation: 'N/A', automatable: 'N/A', technicalImpact: 'N/A', decision: 'N/A' };
  const traverse = (o) => {
    if (typeof o !== 'object' || !o) return;
    for (const key in o) {
      if (key === 'exploitation') decisionPoints.exploitation = normalizeSsvcValue(o[key]);
      if (key === 'automatable') decisionPoints.automatable = normalizeSsvcValue(o[key]);
      if (key === 'technical_impact') decisionPoints.technicalImpact = normalizeSsvcValue(o[key]);
      if (key === 'decision') decisionPoints.decision = normalizeSsvcValue(o[key]);
      traverse(o[key]);
    }
  };
  traverse(obj);
  return decisionPoints;
}
/* ---------- Vendor/Product helpers ---------- */
/* [unchanged helpers: severityFromScore, classFromScore, tokensFromQuery, cpeTokensMatch, vulnMatchesTokens, fetchNvdCvesByKeyword, renderVendorProductResults, runVendorProductSearch] */
function severityFromScore(score) { return score < 4 ? 'Low' : score < 7 ? 'Medium' : score < 9 ? 'High' : 'Critical'; }
function classFromScore(score) { return score < 4 ? 'low' : score < 7 ? 'medium' : score < 9 ? 'high' : 'critical'; }
function tokensFromQuery(query) { return query.toLowerCase().split(/\s+/).filter(t => t.length > 1); }
function cpeTokensMatch(cpe, tokens) { if (!cpe) return false; const parts = cpe.toLowerCase().split(':'); return tokens.every(t => parts.some(p => p.includes(t))); }
function vulnMatchesTokens(vuln, tokens) { const desc = vuln?.cve?.descriptions?.[0]?.value?.toLowerCase() || ''; const refs = vuln?.cve?.references?.flatMap(r => r.url.toLowerCase() || []) || []; return tokens.every(t => desc.includes(t) || refs.some(u => u.includes(t))); }
async function fetchNvdCvesByKeyword(keyword) {
  try { const res = await fetch(`https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=${encodeURIComponent(keyword)}&resultsPerPage=20`); return await res.json(); } catch { return { vulnerabilities: [] }; }
}
function renderVendorProductResults(json) {
  const vulns = json.vulnerabilities || [];
  let html = '';
  vulns.forEach(vuln => {
    const cve = vuln?.cve; if (!cve) return;
    const id = cve.id || 'Unknown';
    const desc = cve.descriptions?.[0]?.value || 'No description';
    const score = cve.metrics?.cvssMetricV31?.[0]?.cvssData?.baseScore || 0;
    const sev = severityFromScore(score);
    const cls = classFromScore(score);
    html += `<div class="item"><div class="title">${id} <span class="chip ${cls}">${sev} (${score})</span></div><div class="meta">${desc}</div></div>`;
  });
  const content = document.getElementById('cveContent');
  content.innerHTML = html || '<div class="meta">No matching vulnerabilities found.</div>';
  renderRelevantSearches(keyword);
}
async function runVendorProductSearch(keyword) {
  const loadingEl = document.getElementById("loading"); if (loadingEl) loadingEl.style.display = "flex";
  try {
    const json = await fetchNvdCvesByKeyword(keyword);
    renderVendorProductResults(json);
  } catch (err) {
    document.getElementById("cveContent").innerHTML = `<div class="meta">Error loading data: ${err.message}</div>`;
    renderRelevantSearches(keyword);
  } finally { if (loadingEl) loadingEl.style.display = "none"; }
}
/* ---------- CVE flow ---------- */
/* [unchanged: isCVE, runSearch] */
function isCVE(str){ return /^CVE-\d{4}-\d{4,}$/i.test(str); }

async function runSearch() {
  const inputRaw = (document.getElementById("cve")?.value || "").trim();
  const input = inputRaw.toUpperCase();

  // If not CVE, delegate to vendor/product search
  if (!isCVE(input)) {
    if (inputRaw.length < 2) {
      toast("Enter at least 2 characters for vendor/product search");
      return;
    }
    return runVendorProductSearch(inputRaw);
  }

  // Show loading overlay
  const loadingEl = document.getElementById("loading");
  if (loadingEl) loadingEl.style.display = "flex";

  // --- helper: try KEV date from multiple sources (feed + localStorage map) ---
  function getKevAddedDate(kevObj, cveIdUpper) {
    // 1) direct from the object returned by loadKEV()
    let d = '';
    if (kevObj) {
      d = kevObj.dateAdded || kevObj.date_added || '';
      if (d) return d;
    }
    // 2) fallback to the watcher map persisted in localStorage
    try {
      const map = JSON.parse(localStorage.getItem('cveWatcher.kevMap') || '{}') || {};
      const entry = map[cveIdUpper];
      if (entry) {
        return entry.dateAdded || entry.date_added || '';
      }
    } catch { /* ignore parse errors */ }
    // 3) no date found
    return '';
  }

  try {
    // Fetch CNA (CVE Services), NVD, EPSS in parallel
    const [cveRes, nvdRes, epssRes] = await Promise.all([
      fetch(`https://cveawg.mitre.org/api/cve/${input}`),
      fetch(`https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=${input}`),
      fetch(`https://api.first.org/data/v1/epss?cve=${input}`)
    ]);
    if (!cveRes.ok) throw new Error("CVE not found");

    // KEV + ransomware tag
    const kevEntry = await getKevEntry(input).catch(() => null);
    const kevYes = !!kevEntry;
    const ransomwareTag = kevEntry ? (kevEntry.knownRansomwareCampaignUse || 'Unknown') : 'Unknown';

    // ✅ robust KEV date resolution
    const kevDateRaw = getKevAddedDate(kevEntry, input);
    const kevAddedPretty = kevDateRaw ? new Date(kevDateRaw).toLocaleDateString() : '';
    const kevLabel = kevYes
      ? `CISA KEV: Yes${kevAddedPretty ? ` — Added: ${kevAddedPretty}` : ''}`
      : 'CISA KEV: No';

    // CNA record
    const cveData = await cveRes.json();
    const cna = cveData?.containers?.cna || {};
    const desc = cna?.descriptions?.[0]?.value || "No description";
    const cnaName = cna?.providerMetadata?.shortName || "Unknown";
    const adpProviders = Array.isArray(cveData?.containers?.adp) ? cveData.containers.adp : [];
    const published = cveData.cveMetadata?.datePublished
      ? new Date(cveData.cveMetadata.datePublished).toLocaleDateString()
      : 'N/A';

    // SSVC block (best effort)
    let ssvcInlineHtml = '';
    try {
      const allMetrics = (adpProviders || [])
        .flatMap(p => (p.metrics || []).map(m => ({ provider: p, metric: m })));
      const ssvcMetricEntry =
        allMetrics.find(({ provider, metric }) =>
          (provider?.providerMetadata?.shortName || '').toLowerCase().includes('cisa') &&
          metric?.other && String(metric.other.type || '').toLowerCase() === 'ssvc'
        ) ||
        allMetrics.find(({ metric }) =>
          metric?.other && String(metric.other.type || '').toLowerCase() === 'ssvc'
        );

      const ssvcContent = ssvcMetricEntry?.metric?.other?.content;
      const parsed = extractSsvcDeep(ssvcContent);
      const exploitation = capFirst(parsed.exploitation);
      const automatable = capFirst(parsed.automatable);
      const technicalImpact = capFirst(parsed.technicalImpact);
      const decision = capFirst(parsed.decision);
      const providerName = ssvcMetricEntry?.provider?.providerMetadata?.shortName || 'ADP';

      ssvcInlineHtml = `
        <div class="metrics-box">
          <div class="title">SSVC Metrics (${providerName})</div>
          <table>
            <tr><th>Exploitation</th><td>${exploitation}</td></tr>
            <tr><th>Automatable</th><td>${automatable}</td></tr>
            <tr><th>Technical Impact</th><td>${technicalImpact}</td></tr>
            ${decision !== 'N/A' ? `<tr><th>Decision</th><td>${decision}</td></tr>` : ''}
          </table>
        </div>`;

      if (!ssvcMetricEntry || !ssvcContent) {
        ssvcInlineHtml = `
        <div class="metrics-box">
          <div class="title">SSVC Decision Points</div>
          <table><tr><th>Status</th><td>No SSVC Data is Available at this time.</td></tr></table>
        </div>`;
      }
    } catch {
      ssvcInlineHtml = `
      <div class="metrics-box">
        <div class="title">SSVC Decision Points</div>
        <table><tr><th>Status</th><td>No SSVC Data is Available at this time.</td></tr></table>
      </div>`;
    }

    // EPSS block
    const epssData = epssRes.ok ? (await epssRes.json()).data?.[0] : null;
    const epssDateStr = epssData?.date ? `(as of ${new Date(epssData.date).toLocaleString()})` : '';
    const epssInlineHtml = epssData ? `
      <div class="metrics-box">
        <div class="title">EPSS Metrics</div>
        <table>
          <tr><th>EPSS Score</th><td>${Number(epssData.epss).toFixed(4)} ${epssDateStr}</td></tr>
          <tr><th>30-day Probability</th><td>${(Number(epssData.epss) * 100).toFixed(2)}% ${epssDateStr}</td></tr>
          <tr><th>Percentile</th><td>${(Number(epssData.percentile) * 100).toFixed(1)}% ${epssDateStr}</td></tr>
        </table>
      </div>` : `
      <div class="metrics-box">
        <div class="title">EPSS Metrics</div>
        <table><tr><th>Status</th><td>No EPSS data available</td></tr></table>
      </div>`;

    // References (by host) from CNA
    const refs = (cna.references || []).filter(r => r.url && r.url.startsWith('https://'));
    const grouped = refs.reduce((acc, r) => {
      let host;
      try { host = new URL(r.url).hostname.replace(/^www\./, ''); } catch { host = "link"; }
      (acc[host] ||= []).push(r);
      return acc;
    }, {});
    const refsHtml = Object.keys(grouped).map(host => {
      const list = grouped[host];
      return `
        <div class="item">
          <div class="title">${host} (${list.length})</div>
          <div class="meta">${ list.map(r => linkRow(r.url, r.name || r.url)).join("") }</div>
        </div>`;
    }).join("") || '<div class="meta">No references found.</div>';
    document.getElementById("sourcesContent").innerHTML = refsHtml;

    // CVSS metrics (CNA + NVD)
    const metrics = [];
    (cna.metrics || []).forEach(m => {
      if (m.cvssV3_1) metrics.push({
        score: m.cvssV3_1.baseScore, version: "3.1",
        source: `CVE.org - CNA (${cnaName})`, vector: m.cvssV3_1.vectorString
      });
      if (m.cvssV4_0) metrics.push({
        score: m.cvssV4_0.baseScore, version: "4.0",
        source: `CVE.org - CNA (${cnaName})`, vector: m.cvssV4_0.vectorString
      });
    });

    let nvdJson = null;
    if (nvdRes.ok) {
      nvdJson = await nvdRes.json();
      const nvdCve = nvdJson.vulnerabilities?.[0]?.cve;
      if (nvdCve?.metrics) {
        ["cvssMetricV31","cvssMetricV40"].forEach(key => {
          (nvdCve.metrics[key] || []).forEach(m => {
            const data = m.cvssData;
            if (data) metrics.push({
              score: data.baseScore,
              version: key === "cvssMetricV31" ? "3.1" : "4.0",
              source: "NVD - NIST",
              vector: data.vectorString
            });
          });
        });
      }
    }

    const cvssHtml = metrics.map(m => {
      const sev = (m.score < 4 ? "Low" : m.score < 7 ? "Medium" : m.score < 9 ? "High" : "Critical");
      const cls = (m.score < 4 ? "low" : m.score < 7 ? "medium" : m.score < 9 ? "high" : "critical");
      return `
        <div class="item">
          <div class="title">CVSS v${m.version} – ${m.score} <span class="chip ${cls}">${sev}</span></div>
          <div class="meta">Source: ${m.source}<br>Vector: ${m.vector || "N/A"}</div>
        </div>`;
    }).join("") || '<div class="meta">No CVSS metrics available</div>';

    const inVulncheck = __lastVulncheckRecent.includes(input);
    const quickLinksHtml = [
      linkRow(`https://nvd.nist.gov/vuln/detail/${input}`, "NVD Detail Page"),
      linkRow(`https://cve.mitre.org/cgi-bin/cvename.cgi?name=${input}`, "MITRE CVE Record"),
      linkRow(`https://cveawg.mitre.org/api/cve/${input}`, "CVE Services JSON"),
      linkRow(`https://web.archive.org/`, "Archive.org (Wayback Machine)")
    ].join("<br>");

    // Always show relevant searches
    renderRelevantSearches(input);
    if (String(ransomwareTag).toLowerCase() === 'known') renderRansomwareSearches(input);
    const cweHtml = buildCweHtml(cveData, nvdJson);

    // Context for AI Analysis
    const referencesGrouped = Object.keys(grouped).map(host => ({
      host,
      links: grouped[host].map(r => ({ name: r.name || r.url, url: r.url }))
    }));
    const cvssForPrompt = metrics.map(m => ({ version: m.version, score: m.score, source: m.source, vector: m.vector }));
    const cwesForPrompt = (cna?.problemTypes || [])
      .flatMap(pt => (pt.descriptions || [])
        .map(d => ({ id: d?.cweId || d?.id || 'Unknown', desc: d?.description || d?.value || '', assigner: cna?.providerMetadata?.shortName || 'CNA' })));
    __lastAnalysisContext = {
      input,
      isCVE: true,
      cnaName,
      description: desc,
      kevYes,
      ransomwareTag,
      epss: epssData ? { score: Number(epssData.epss), percentile: Number(epssData.percentile) } : null,
      cvss: cvssForPrompt,
      cwes: cwesForPrompt,
      referencesGrouped
    };

    // Paint CVE panel (KEV badge now uses kevLabel)
    const cveContent = document.getElementById("cveContent");
    cveContent.innerHTML = `
      <div class="item"><div class="title">${input} · CNA: ${cnaName}</div></div>
      <div class="item"><div class="title">Published: ${published}</div></div>
      <div class="item"><div class="title">Description</div><div class="meta">${desc}</div></div>
      <div class="item">
        <div class="title">Exploitation Signals</div>
        <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:12px;">
          <div class="badge ${kevYes ? 'yes' : 'no'}">${kevLabel}</div>
          ${kevYes
            ? `<div class="badge ${String(ransomwareTag).toLowerCase()==='known' ? 'yes' : 'no'}">Ransomware: ${ransomwareTag}</div>`
            : `<div class="badge no">Ransomware: Unknown</div>`}
          ${inVulncheck ? '<div class="badge yes">VulnCheck Recent</div>' : ''}
        </div>
        <div class="metrics-row">
          <div class="metrics-col">${epssInlineHtml}</div>
          <div class="metrics-col">${ssvcInlineHtml}</div>
        </div>
      </div>
      <div class="item"><div class="title">CWE Information</div><div class="meta">${cweHtml}</div></div>
      <div class="item"><div class="title">CVSS Metrics</div><div class="meta">${cvssHtml}</div></div>
      <div class="item"><div class="title">Quick Links</div><div class="meta">${quickLinksHtml}</div></div>
    `;
  } catch (err) {
    document.getElementById("cveContent").innerHTML =
      `<div class="meta">Error loading data: ${err.message}</div>`;
    renderRelevantSearches(inputRaw);
  } finally {
    if (loadingEl) loadingEl.style.display = "none";
  }
}
    // EPSS block
    const epssData = epssRes.ok ? (await epssRes.json()).data?.[0] : null;
    const epssDateStr = epssData?.date ? `(as of ${new Date(epssData.date).toLocaleString()})` : '';
    const epssInlineHtml = epssData ? `
      <div class="metrics-box">
        <div class="title">EPSS Metrics</div>
        <table>
          <tr><th>EPSS Score</th><td>${Number(epssData.epss).toFixed(4)} ${epssDateStr}</td></tr>
          <tr><th>30-day Probability</th><td>${(Number(epssData.epss) * 100).toFixed(2)}% ${epssDateStr}</td></tr>
          <tr><th>Percentile</th><td>${(Number(epssData.percentile) * 100).toFixed(1)}% ${epssDateStr}</td></tr>
        </table>
      </div>` : `
      <div class="metrics-box">
        <div class="title">EPSS Metrics</div>
        <table><tr><th>Status</th><td>No EPSS data available</td></tr></table>
      </div>`;
    // References (by host) from CNA
    const refs = (cna.references || []).filter(r => r.url && r.url.startsWith('https://'));
    const grouped = refs.reduce((acc, r) => {
      let host;
      try { host = new URL(r.url).hostname.replace(/^www\./,''); } catch { host = "link"; }
      (acc[host] ||= []).push(r);
      return acc;
    }, {});
    const refsHtml = Object.keys(grouped).map(host => {
      const list = grouped[host];
      return `<div class="item"><div class="title">${host} (${list.length})</div><div class="meta">${ list.map(r => linkRow(r.url, r.name || r.url)).join("") }</div></div>`;
    }).join("") || '<div class="meta">No references found.</div>';
    document.getElementById("sourcesContent").innerHTML = refsHtml;
    // CVSS metrics (CNA + NVD)
    const metrics = [];
    (cna.metrics || []).forEach(m => {
      if (m.cvssV3_1) metrics.push({score:m.cvssV3_1.baseScore, version:"3.1", source:`CVE.org - CNA (${cnaName})`, vector:m.cvssV3_1.vectorString});
      if (m.cvssV4_0) metrics.push({score:m.cvssV4_0.baseScore, version:"4.0", source:`CVE.org - CNA (${cnaName})`, vector:m.cvssV4_0.vectorString});
    });
    let nvdJson = null;
    if (nvdRes.ok) {
      nvdJson = await nvdRes.json();
      const nvdCve = nvdJson.vulnerabilities?.[0]?.cve;
      if (nvdCve?.metrics) {
        ["cvssMetricV31","cvssMetricV40"].forEach(key => {
          (nvdCve.metrics[key] || []).forEach(m => {
            const data = m.cvssData;
            if (data) metrics.push({ score:data.baseScore, version: key==="cvssMetricV31"?"3.1":"4.0", source:"NVD - NIST", vector:data.vectorString });
          });
        });
      }
    }
    const cvssHtml = metrics.map(m => {
      const sev = (m.score<4?"Low":m.score<7?"Medium":m.score<9?"High":"Critical");
      const cls = (m.score<4?"low":m.score<7?"medium":m.score<9?"high":"critical");
      return `<div class="item"><div class="title">CVSS v${m.version} – ${m.score} <span class="chip ${cls}">${sev}</span></div><div class="meta">Source: ${m.source}<br>Vector: ${m.vector || "N/A"}</div></div>`;
    }).join("") || '<div class="meta">No CVSS metrics available</div>';
    const inVulncheck = __lastVulncheckRecent.includes(input);
const quickLinksHtml = [
  linkRow(`https://nvd.nist.gov/vuln/detail/${input}`, "NVD Detail Page"),
  linkRow(`https://cve.mitre.org/cgi-bin/cvename.cgi?name=${input}`, "MITRE CVE Record"),
  linkRow(`https://cveawg.mitre.org/api/cve/${input}`, "CVE Services JSON"),
  linkRow(`https://web.archive.org/`, "Archive.org (Wayback Machine)")
].join("<br>");
    // Always show relevant searches
    renderRelevantSearches(input);
    if (String(ransomwareTag).toLowerCase()==='known') renderRansomwareSearches(input);
    const cweHtml = buildCweHtml(cveData, nvdJson);
    // Context for AI Analysis
    const referencesGrouped = Object.keys(grouped).map(host => ({
      host,
      links: grouped[host].map(r => ({ name: r.name || r.url, url: r.url }))
    }));
    const cvssForPrompt = metrics.map(m => ({ version: m.version, score: m.score, source: m.source, vector: m.vector }));
    const cwesForPrompt = (cna?.problemTypes || [])
      .flatMap(pt => (pt.descriptions || []).map(d => ({ id: d?.cweId || d?.id || 'Unknown', desc: d?.description || d?.value || '', assigner: cna?.providerMetadata?.shortName || 'CNA' })));
    __lastAnalysisContext = {
      input,
      isCVE: true,
      cnaName,
      description: desc,
      kevYes,
      ransomwareTag,
      epss: epssData ? { score: Number(epssData.epss), percentile: Number(epssData.percentile) } : null,
      cvss: cvssForPrompt,
      cwes: cwesForPrompt,
      referencesGrouped
    };
    // Paint CVE panel
    const cveContent = document.getElementById("cveContent");
    cveContent.innerHTML = `
      <div class="item"><div class="title">${input} · CNA: ${cnaName}</div></div>
      <div class="item"><div class="title">Published: ${published}</div></div>
      <div class="item"><div class="title">Description</div><div class="meta">${desc}</div></div>
      <div class="item">
        <div class="title">Exploitation Signals</div>
        <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:12px;">
        <div class="badge ${kevYes ? 'yes' : 'no'}">${kevLabel}</div>
          ${kevYes
          ? `<div class="badge ${String(ransomwareTag).toLowerCase()==='known' ? 'yes' : 'no'}">Ransomware: ${ransomwareTag}</div>`
          : `<div class="badge no">Ransomware: Unknown</div>`}
          ${inVulncheck ? '<div class="badge yes">VulnCheck Recent</div>' : ''}
        </div>
        <div class="metrics-row">
          <div class="metrics-col">${epssInlineHtml}</div>
          <div class="metrics-col">${ssvcInlineHtml}</div>
        </div>
      </div>
      <div class="item"><div class="title">CWE Information</div><div class="meta">${cweHtml}</div></div>
      <div class="item"><div class="title">CVSS Metrics</div><div class="meta">${cvssHtml}</div></div>
      <div class="item"><div class="title">Quick Links</div><div class="meta">${quickLinksHtml}</div></div>
    `;
  } catch (err) {
    document.getElementById("cveContent").innerHTML = `<div class="meta">Error loading data: ${err.message}</div>`;
    renderRelevantSearches(inputRaw);
  } finally {
    if (loadingEl) loadingEl.style.display = "none";
  }
}
/* ---------- Exploitation Watch ---------- */
async function fetchTextWithFallback(url) {
  const tryFetch = async (u) => { const r = await fetch(u, { cache: 'no-store', mode: 'cors' }); if (!r.ok) throw new Error(`HTTP ${r.status}`); return await r.text(); };
  const proxJina = (u) => 'https://r.jina.ai/http/' + u.replace(/^https?:\/\//, '');
  const proxAor = (u) => 'https://api.allorigins.win/raw?url=' + encodeURIComponent(u);
  try { return await tryFetch(url); }
  catch (e1) { try { return await tryFetch(proxJina(url)); } catch (e2) { try { return await tryFetch(proxAor(url)); } catch (e3) { throw e3; } } }
}
async function loadExploitationWatch() {
  const now = Date.now(); const tenDaysMs = 10*24*60*60*1000; let out=[];
  const sources = [
    { name:"SecurityWeek", url:"https://www.securityweek.com/feed/" },
    { name:"BleepingComputer", url:"https://www.bleepingcomputer.com/feed/" },
    { name:"SANS Internet Storm Center", url:"https://isc.sans.edu/rssfeed_full.xml" },
    { name:"MSRC Security Update Guide", url:"https://api.msrc.microsoft.com/update-guide/rss" },
    { name:"Dark Reading", url:"https://www.darkreading.com/rss.xml" },
    { name:"Krebs on Security", url:"https://krebsonsecurity.com/feed/" },
    { name:"Help Net Security", url:"https://www.helpnetsecurity.com/feed/" },
    { name:"Securelist (Kaspersky)", url:"https://securelist.com/feed/" },
    { name:"WeLiveSecurity (ESET)", url:"https://www.welivesecurity.com/feed/" },
    { name:"Zero Day Initiative", url:"https://www.zerodayinitiative.com/rss/published/" },
    { name:"Exploit Database", url:"https://www.exploit-db.com/rss.xml" },
    { name:"Unit42 (Palo Alto)", url:"https://unit42.paloaltonetworks.com/feed/" },
    { name:"Security Boulevard", url:"https://securityboulevard.com/feed" }
  ];
  const exploitationCue =(text)=>/\b(exploit(?:ed|ing)?|weaponiz(?:ed|ation)|PoC|proof[-\s]of[-\s]concept|RCE|in the wild|actively targeted|advisory|zero[-\s]?day)\b/i.test(text||"");
  const hasCve =(text)=>/\bCVE-\d{4}-\d{4,}\b/i.test(text||"");
  function withinTenDays(dateStr){ const t=new Date(dateStr||0).getTime(); return isFinite(t) && (now-t)<tenDaysMs; }
  async function collectRss(url, sourceName){
    try{
      const xml = await fetchTextWithFallback(url);
      const doc = new DOMParser().parseFromString(xml,"application/xml");
      const items = Array.from(doc.querySelectorAll("item, entry")).slice(0,60);
      items.forEach(item=>{
        const pick = sel => item.querySelector(sel)?.textContent || '';
        const title = pick("title");
        const desc = pick("description") || pick("summary");
        const linkNode = item.querySelector('link[href]');
        const link = (item.querySelector("link")?.textContent || linkNode?.getAttribute('href') || "#").trim();
        const pub = pick("pubDate") || pick("updated");
        if (withinTenDays(pub) && (hasCve(title+" "+desc) || exploitationCue(title+" "+desc))) {
          out.push({ source:sourceName, title, link, date:new Date(pub).toLocaleString() });
        }
      });
    }catch{}
  }
  document.getElementById("watchContent").innerHTML = '<div class="meta">Loading feeds…</div>';
  await Promise.all(sources.map(s=>collectRss(s.url,s.name)));
  out.sort((a,b)=> new Date(b.date||0) - new Date(a.date||0));
  const html = out.map(r=>`<div class="item"><div class="title">${linkRow(r.link, r.title)}</div><div class="meta">${r.source}${r.date ? ' · ' + r.date : ''}</div></div>`).join("");
  const watchContent = document.getElementById("watchContent");
  watchContent.innerHTML = html || '<div class="meta">No recent exploitation reports detected in the last 10 days from selected sources.</div>';
  if (out.length > 10) {
    watchContent.style.overflowY = 'auto';
    watchContent.style.maxHeight = '320px';
  } else {
    watchContent.style.overflowY = '';
    watchContent.style.maxHeight = '';
  }
}
/* ---------- Prevalence ---------- */
function renderPrevalenceSignals(keyword){ document.getElementById("prevBody").innerHTML = `<div class="meta">Prevalence view not enabled in this build.</div>`; }
function openPrevalence(keyword){ const modal=document.getElementById("prevalenceModal"); if(!modal) return toast("Prevalence modal is not available."); modal.style.display="flex"; document.getElementById("prevTitle").textContent=`Prevalence – ${keyword}`; renderPrevalenceSignals(keyword); }
/* ---------- Relevant Searches ---------- */
function renderRelevantSearches(term){
  const q = encodeURIComponent(term); const isCve = /^CVE-\d{4}-\d{4,}$/i.test(term);
  const links = [
    linkRow(`https://www.exploit-db.com/search?q=${q}`, "Exploit-DB Search"),
    linkRow(`https://packetstorm.news/files/cve/?q=${q}`, "PacketStorm Search"),
    linkRow(`https://github.com/search?q=${q}&type=code`, "GitHub Code Search (PoCs)"),
    isCve ? linkRow(`https://app.crowdsec.net/cti/cve-explorer/${term.toLowerCase()}`, "CrowdSec CTI Explorer") : '',
    linkRow(`https://x.com/search?q=${q}&f=live`, "X (Twitter) Latest"),
    linkRow(`https://www.bleepingcomputer.com/search/?q=${q}`, "BleepingComputer"),
    linkRow(`https://thehackernews.com/search?q=${q}`, "The Hacker News")
  ].join("");
  document.getElementById("searchLinks").innerHTML = `<div class="item"><div class="title">Relevant Searches</div><div class="meta">${links}</div></div>`;
}
function renderRansomwareSearches(cveId){
  const q = encodeURIComponent(cveId + " ransomware");
  const rows = [
    linkRow(`https://x.com/search?q=${q}&f=live`, "X (Twitter) — CVE + Ransomware"),
    linkRow(`https://www.bleepingcomputer.com/search/?q=${q}`, "BleepingComputer — CVE + Ransomware"),
    linkRow(`https://www.google.com/search?q=${q}`, "Google — CVE + Ransomware"),
    linkRow(`https://news.google.com/search?q=${q}`, "Google News — CVE + Ransomware")
  ].join("");
  const container = document.getElementById("searchLinks");
  container.insertAdjacentHTML('beforeend', `<div class="item"><div class="title">Ransomware-Focused Searches</div><div class="meta">${rows}</div></div>`);
}

function isTab2Active() {
  return document.getElementById('tab2')?.classList.contains('active');
}

async function maybeRefreshFeeds() {
  if (isTab2Active()) {
    await displayFeeds();
  }
}
  
/* ---------- Dashboard 2 Feeds ---------- */
const feeds = [
  { name:"SecurityWeek", url:"https://www.securityweek.com/feed/" },
  { name:"BleepingComputer", url:"https://www.bleepingcomputer.com/feed/" },
  { name:"SANS ISC Diary", url:"https://isc.sans.edu/rssfeed_full.xml" },
  { name:"MSRC Security Update Guide", url:"https://api.msrc.microsoft.com/update-guide/rss" },
  { name:"Dark Reading", url:"https://darkreading.com/rss.xml" },
  { name:"Threatpost", url:"https://threatpost.com/feed/" },
  { name:"Krebs on Security", url:"https://krebsonsecurity.com/feed/" },
  { name:"AWS Security Blog", url:"https://aws.amazon.com/blogs/security/feed/" },
  { name:"Check Point Research", url:"https://research.checkpoint.com/feed/" },
  { name:"Graham Cluley", url:"https://grahamcluley.com/feed/" },
  { name:"Help Net Security", url:"https://www.helpnetsecurity.com/feed/" },
  { name:"Juniper Threat Research", url:"https://blogs.juniper.net/threat-research/feed" },
  { name:"Malware Traffic Analysis", url:"https://www.malware-traffic-analysis.net/blog-entries.rss" },
  { name:"McAfee Advanced Threat Research", url:"https://www.mcafee.com/blogs/tag/advanced-threat-research/feed/" },
  { name:"Microsoft Security Blog", url:"https://www.microsoft.com/security/blog/feed/" },
  { name:"NVD CVE Feed (NIST)", url:"https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml" },
  { name:"SANS Internet Storm Center", url:"https://isc.sans.edu/rssfeed_full.xml" },
  { name:"Schneier on Security", url:"https://www.schneier.com/tag/cybersecurity/feed/" },
  { name:"Securelist (Kaspersky)", url:"https://securelist.com/feed/" },
  { name:"SecurityWeek", url:"https://www.securityweek.com/feed/" },
  { name:"Threatpost", url:"https://threatpost.com/feed/" },
  { name:"WeLiveSecurity (ESET)", url:"https://www.welivesecurity.com/feed/" },
  { name:"Zero Day Initiative", url:"https://www.zerodayinitiative.com/rss/published/" }
];
async function fetchFeed(feedUrl) {
  try { const response = await fetch(`https://api.rss2json.com/v1/api.json?rss_url=${encodeURIComponent(feedUrl)}`); const data = await response.json(); return Array.isArray(data.items) ? data.items.slice(0, 5) : []; }
  catch (error) { console.error(`Error fetching feed: ${feedUrl}`, error); return []; }
}
async function displayFeeds() {
  const container = document.getElementById("feed-container"); container.innerHTML = "";
  for (const feed of feeds) {
    const articles = await fetchFeed(feed.url);
    if (articles.length > 0) {
      const feedDiv = document.createElement("div"); feedDiv.className = "feed";
      const listHtml = articles.map(article => `<li>${linkRow(article.link, article.title)}</li>`).join("");
      feedDiv.innerHTML = `<h2>${feed.name}</h2><ul>${listHtml}</ul>`;
      container.appendChild(feedDiv);
    }
  }
}
// Helper to test CVE format
function isCVE(str){ return /^CVE-\d{4}-\d{4,}$/i.test(str); }
// Main CVE search flow
/* ---------- CVE Watcher (IIFE, KEV badge) ---------- */
;(() => {
  if (IS_FILE_ORIGIN) {
    function ensureWatcherButton(){
      let hdr = document.querySelector('header.cve-header');
      if (!hdr){ btn.style.position = 'fixed'; btn.style.top = '60px'; btn.style.right = '12px'; btn.style.zIndex = '1500'; document.body.appendChild(btn); }
      else { hdr.appendChild(btn); }
    }
    if (document.readyState === 'loading'){ document.addEventListener('DOMContentLoaded', ensureWatcherButton); } else { ensureWatcherButton(); }
    return;
  }
  const STORAGE_KEY = 'cveWatcher.list';
  const INTERVAL_KEY = 'cveWatcher.interval';
  const NOTIFIED_KEY = 'cveWatcher.notified';
  const PAGE_SCAN_CAP = 8;
  const KEV_SET_KEY = 'cveWatcher.kevSet';
  const KEV_MAP_KEY = 'cveWatcher.kevMap';
  const KEV_FETCH_KEY = 'cveWatcher.kevFetchedAt';
  const KEV_REFRESH_MINUTES = 60;
  const notified = new Set();
  function loadNotified(){ try { const arr = JSON.parse(localStorage.getItem(NOTIFIED_KEY) || '[]'); if (Array.isArray(arr)) arr.forEach(k => notified.add(k)); } catch {} }
  function persistNotified(){ try { localStorage.setItem(NOTIFIED_KEY, JSON.stringify(Array.from(notified))); } catch {} }
  loadNotified();
  let kevSet = null; let kevMap = null;
  function loadKev(){
    try { const arr = JSON.parse(localStorage.getItem(KEV_SET_KEY) || '[]'); kevSet = new Set(arr.map(s => s.toUpperCase())); } catch { kevSet = new Set(); }
    try { kevMap = JSON.parse(localStorage.getItem(KEV_MAP_KEY) || '{}') || {}; } catch { kevMap = {}; }
  }
  loadKev();
  function minutesSince(ts){ if (!ts) return Infinity; const then = new Date(ts).getTime(); if (Number.isNaN(then)) return Infinity; return (Date.now() - then) / (60*1000); }
  function shouldRefreshKev(){ const last = localStorage.getItem(KEV_FETCH_KEY); return minutesSince(last) >= KEV_REFRESH_MINUTES || !kevSet || kevSet.size === 0; }
  async function refreshKev(){
    try {
      const kevUrl = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json';
      const text = await fetchTextWithFallback(kevUrl);
      const data = JSON.parse(text);
      const list = Array.isArray(data?.vulnerabilities) ? data.vulnerabilities : [];
      const ids = []; const map = {};
      for (const v of list){
        const cve = String(v.cveID || v.cve_id || '').toUpperCase().replace(/[\u2010-\u2015\u2212]/g, '-');
        if (!cve) continue;
        ids.push(cve);
        map[cve] = { vendor : String(v.vendorProject || '').trim(), product : String(v.product || '').trim(), dateAdded : (v.dateAdded || v.date_added || '').slice(0, 10) };
      }
      kevSet = new Set(ids); kevMap = map;
      localStorage.setItem(KEV_SET_KEY, JSON.stringify(ids));
      localStorage.setItem(KEV_MAP_KEY, JSON.stringify(map));
      localStorage.setItem(KEV_FETCH_KEY, new Date().toISOString());
    } catch (e){ if (!kevSet) kevSet = new Set(); if (!kevMap) kevMap = {}; }
  }
  function isKev(cve){ return kevSet && kevSet.has(cve.toUpperCase()); }
  function kevInfo(cve){ return kevMap && kevMap[cve.toUpperCase()] || null; }
  const btn = document.createElement('button'); btn.id='watcherBtn'; btn.className='btn'; btn.textContent='CVE Watcher';
  function ensureWatcherButton(){
    let hdr = document.querySelector('header.cve-header');
    if (!hdr){ btn.style.position = 'fixed'; btn.style.top = '60px'; btn.style.right = '12px'; btn.style.zIndex = '1500'; document.body.appendChild(btn); }
    else { hdr.appendChild(btn); }
  }
  if (document.readyState === 'loading'){ document.addEventListener('DOMContentLoaded', ensureWatcherButton); } else { ensureWatcherButton(); }
  const overlay = document.createElement('div'); overlay.id='watcher';
  Object.assign(overlay.style, { display:'none', position:'fixed', top:'0', left:'0', width:'100%', height:'100%', background:'rgba(0,0,0,0.7)', alignItems:'center', justifyContent:'center', zIndex:'1300' });
  overlay.innerHTML = `
    <div class="settings-content" role="dialog" aria-modal="true" aria-labelledby="watcherTitle">
      <h2 id="watcherTitle">CVE Watcher</h2>
      <label>CVEs to watch (comma or newline separated)<br><textarea id="watcherList" rows="6" placeholder="CVE-2024-12345\nCVE-2023-99999"></textarea></label>
      <label>Poll interval (minutes, default 30)<br><input id="watcherInterval" type="number" min="5" value="30"></label>
      <div style="display:flex;gap:12px;margin-top:20px;flex-wrap:wrap">
        <button id="watcherSave" class="btn">Save &amp; Start</button>
        <button id="watcherStop" class="btn">Stop</button>
        <button id="watcherCheck" class="btn">Check now</button>
        <button id="watcherReset" class="btn">Reset dedupe</button>
        <button id="watcherKev" class="btn">Refresh KEV</button>
        <button id="watcherClose" class="btn">Close</button>
      </div>
      <p class="meta">Stored locally in your browser (localStorage). Notifications appear on the main view.<br>Dedupe keys persist across sessions—use “Reset dedupe” to re-show hits.<br>KEV badge is informational.</p>
    </div>`;
  document.body.appendChild(overlay);
  const notif = document.createElement('div'); notif.id = 'watcherNotify'; document.body.appendChild(notif);
  function kevBadge(kev){ if (!kev) return ''; return `<span style="display:inline-block;margin-left:8px;padding:2px 6px;border-radius:999px;background:#c62828;color:#fff;font-size:11px;line-height:1;font-weight:600">KEV</span>`; }
  function showNotification(items){
    const dark = document.body.classList.contains('dark');
    notif.innerHTML = items.map(i => {
      const kinfo = i.kev ? kevInfo(i.cve) : null;
      const vendorProductCve = kinfo ? [kinfo.vendor, kinfo.product, i.cve].filter(Boolean).join(' · ') : i.cve;
      const metaLine = `${vendorProductCve}${i.source ? ' · ' + i.source : ''}`;
      return `<div style="background:${dark?'#1e1e1e':'#fff'};color:inherit;border:1px solid ${dark?'var(--border-dark)':'var(--border-light)'};border-radius:8px;padding:12px;margin-top:8px;box-shadow:0 4px 12px rgba(0,0,0,0.2)"><div style="font-weight:600">CVE Watcher hit: ${i.cve}${kevBadge(i.kev)}</div><div style="font-size:13px;margin:6px 0">${linkRow(i.link, 'Source')} · ${metaLine}</div></div>`;
    }).join('');
    notif.style.display='block';
    setTimeout(()=>{ notif.style.display='none'; }, 15000);
  }
  function parseList(raw){ return (raw||'').toUpperCase().split(/[\s,;]+/).map(s=>s.trim()).filter(s=>/^CVE-\d{4}-\d{4,}$/.test(s)); }
  function getSources(){
    return [
      { name:"SecurityWeek", url:"https://www.securityweek.com/feed/" },
      { name:"BleepingComputer", url:"https://www.bleepingcomputer.com/feed/" },
      { name:"SANS Internet Storm Center", url:"https://isc.sans.edu/rssfeed_full.xml" },
      { name:"MSRC Security Update Guide", url:"https://api.msrc.microsoft.com/update-guide/rss" },
      { name:"Dark Reading", url:"https://www.darkreading.com/rss.xml" },
      { name:"Krebs on Security", url:"https://krebsonsecurity.com/feed/" },
      { name:"Help Net Security", url:"https://www.helpnetsecurity.com/feed/" },
      { name:"Securelist (Kaspersky)", url:"https://securelist.com/feed/" },
      { name:"WeLiveSecurity (ESET)", url:"https://www.welivesecurity.com/feed/" },
      { name:"Zero Day Initiative", url:"https://www.zerodayinitiative.com/rss/published/" },
      { name:"Exploit Database", url:"https://www.exploit-db.com/rss.xml" },
      { name:"Unit42 (Palo Alto)", url:"https://unit42.paloaltonetworks.com/feed/" },
      { name:"Security Boulevard", url:"https://securityboulevard.com/feed" },
      { name:"X (Twitter) — Live Search", url:"https://x.com/search?q={{CVE}}&src=recent_search_click&f=live", type:"x" }
    ];
  }
  function norm(text) { return (text || '').replace(/[\u2010\u2011\u2012\u2013\u2014\u2212]/g, '-').toUpperCase(); }
  function buildCveRegex(cve) { const m = cve.match(/^CVE-(\d{4})-(\d{4,})$/i); if (!m) return null; const year = m[1], id = m[2]; return new RegExp(`CVE[\\s\\-]+${year}[\\s\\-]+${id}`, 'i'); }
  async function pageMentionsCve(url, cveUpper){ try { const html = await fetchTextWithFallback(url); const text = norm(new DOMParser().parseFromString(html, 'text/html').documentElement.textContent); const regex = buildCveRegex(cveUpper); return regex ? regex.test(text) : text.includes(norm(cveUpper)); } catch { return false; } }
  async function fetchMentionsForCve(cve){
    const sources = getSources(); const hits = [];
    await Promise.all(sources.map(async s => {
      if (s.type === 'x') {
        const xLink = s.url.replace('{{CVE}}', encodeURIComponent(cve));
        const key = `XSEARCH|${cve}`; if (!notified.has(key)) { notified.add(key); hits.push({ cve, title: `X Live Search for ${cve}`, link: xLink, source: s.name, kev: isKev(cve) }); }
        return;
      }
      try {
        const xml = await fetchTextWithFallback(s.url);
        const doc = new DOMParser().parseFromString(xml, 'application/xml');
        const items = Array.from(doc.querySelectorAll('item, entry')).slice(0, 60);
        const cveUpper = cve.toUpperCase();
        let pageScanBudget = PAGE_SCAN_CAP;
        const itemMentionsCve = (item, cveUpper) => {
          const pick = sel => item.querySelector(sel)?.textContent || '';
          const title = pick('title'); const desc = pick('description') || pick('summary');
          const contentNSq = item.querySelector('content\\:encoded')?.textContent || '';
          const contentNSt = item.getElementsByTagName('content:encoded')?.[0]?.textContent || '';
          const contentNS = contentNSq || contentNSt; const content = contentNS || pick('content');
          const blob = norm(`${title} ${desc} ${content}`);
          const regex = buildCveRegex(cveUpper);
          const matched = regex ? regex.test(blob) : blob.includes(norm(cveUpper));
          return { matched, hasContentEncoded: !!contentNS };
        };
        for (const it of items){
          const title = it.querySelector('title')?.textContent || '';
          const linkNode = it.querySelector('link[href]');
          const rawLink = it.querySelector('link')?.textContent || linkNode?.getAttribute('href') || '#';
          const link = (rawLink || '#').trim();
          const { matched, hasContentEncoded } = itemMentionsCve(it, cveUpper);
          let finalMatch = matched;
          if (!finalMatch && link && link !== '#' && pageScanBudget > 0 && !hasContentEncoded) {
            finalMatch = await pageMentionsCve(link, cveUpper);
            pageScanBudget--;
          }
          if (finalMatch){
            const key = `${cve}|${link}`; if (!notified.has(key)) { notified.add(key); hits.push({ cve, title: title || link, link, source: s.name, kev: isKev(cve) }); }
          }
        }
      } catch {}
    }));
    return hits;
  }
  async function poll(){
    if (shouldRefreshKev()) { await refreshKev(); }
    const list = parseList(localStorage.getItem(STORAGE_KEY));
    if (!list.length) return;
    const allHits = [];
    for (const cve of list){ const hits = await fetchMentionsForCve(cve); allHits.push(...hits); }
    if (allHits.length){
      persistNotified();
      const wc = document.getElementById('watchContent');
      if (wc){
        const html = allHits.map(r => {
          const titleText = `${r.cve}: ${r.title || r.link}`;
          const kinfo = r.kev ? kevInfo(r.cve) : null;
          const vendorProdCve = kinfo ? [kinfo.vendor, kinfo.product, r.cve].filter(Boolean).join(' · ') : r.cve;
          const metaLine = `${vendorProdCve}${r.source ? ' · ' + r.source : ''} · ${new Date().toLocaleString()}`;
          return `<div class="item"><div class="title">${linkRow(r.link, titleText)}${kevBadge(r.kev)}</div><div class="meta">${metaLine}</div></div>`;
        }).join('');
        wc.insertAdjacentHTML('afterbegin', html);
      }
      showNotification(allHits.slice(0,3));
    }
  }
  let timer = null;
  function start(){ const minutes = Math.max(5, Number(localStorage.getItem(INTERVAL_KEY) || 30)); if (timer) clearInterval(timer); timer = setInterval(poll, minutes*60*1000); poll(); }
  function stop(){ if (timer) { clearInterval(timer); timer=null; } }
  btn.addEventListener('click', ()=>{
    document.getElementById('watcherList').value = (localStorage.getItem(STORAGE_KEY) || '');
    document.getElementById('watcherInterval').value = (localStorage.getItem(INTERVAL_KEY) || 30);
    overlay.style.display='flex';
  });
  overlay.addEventListener('click', (e)=>{ if (e.target.id === 'watcher') overlay.style.display='none'; });
  overlay.querySelector('#watcherClose').addEventListener('click', () => overlay.style.display='none');
  overlay.querySelector('#watcherSave').addEventListener('click', ()=>{
    const list = parseList(document.getElementById('watcherList').value);
    localStorage.setItem(STORAGE_KEY, list.join('\n'));
    const interval = Math.max(5, Number(document.getElementById('watcherInterval').value)||30);
    localStorage.setItem(INTERVAL_KEY, String(interval));
    overlay.style.display='none';
    if (typeof toast === 'function') toast(`CVE Watcher saved (${list.length} CVE${list.length!==1?'s':''}; ${interval} min)`);
    start();
  });
  overlay.querySelector('#watcherStop').addEventListener('click', ()=>{ stop(); overlay.style.display='none'; if (typeof toast === 'function') toast('CVE Watcher stopped'); });
  overlay.querySelector('#watcherCheck').addEventListener('click', async ()=>{ if (typeof toast === 'function') toast('Checking now…'); await poll(); if (typeof toast === 'function') toast('Check complete'); });
  overlay.querySelector('#watcherReset').addEventListener('click', ()=>{ notified.clear(); localStorage.removeItem(NOTIFIED_KEY); if (typeof toast === 'function') toast('CVE Watcher dedupe reset — hits will re-show on next check'); });
  overlay.querySelector('#watcherKev').addEventListener('click', async ()=>{ if (typeof toast === 'function') toast('Refreshing KEV…'); await refreshKev(); if (typeof toast === 'function') toast(`KEV refreshed (${kevSet.size} entries)`); });
  if (parseList(localStorage.getItem(STORAGE_KEY)).length){ start(); }
})();
/* ---------- Tabs ---------- */
function switchTab(tabIndex) {
  const tabs = [document.getElementById('tab1'), document.getElementById('tab2')];
  document.querySelectorAll('nav button').forEach((btn, i) => { btn.classList.toggle('active', i === tabIndex); });
  tabs.forEach((tab, i) => { tab.classList.toggle('active', i === tabIndex); });

  // ✅ if switching to Tab 2, refresh feeds once
  if (tabIndex === 1) {
    maybeRefreshFeeds();
  }
}
/* ---------- Search bindings ---------- */
function handleSearch() {
  try {
    const inputEl = document.getElementById('cve');
    const v = (inputEl?.value || '').trim();
    if (!v) { toast('Please enter a CVE or vendor/product'); return; }
    isCVE(v) ? runSearch() : runVendorProductSearch(v);
  } catch (e) {
    console.error('handleSearch error:', e);
    toast('Search failed — check console for details.');
  }
}
function bindSearchHandlers() {
  try {
    const btn = document.getElementById('go'); const input = document.getElementById('cve');
    if (btn) { btn.onclick = null; btn.addEventListener('click', handleSearch); }
    if (input) { input.addEventListener('keydown', (e) => { if (e.key === 'Enter') { e.preventDefault(); handleSearch(); } }); }
  } catch (e) { console.error('bindSearchHandlers error:', e); }
}

/* ---------- Clear ---------- */
// --- Clear CVE-only fields (leave Watcher & feeds alone) ---
function clearCveFields() {
  try {
    // Input
    const inputEl = document.getElementById('cve');
    if (inputEl) inputEl.value = '';

    // CVE Details panel
    const cveContent = document.getElementById('cveContent');
    if (cveContent) {
      cveContent.innerHTML = '<div class="meta">Enter a CVE or Vendor/Product and click Run.</div>';
    }

    // Notable Sources & References
    const sourcesContent = document.getElementById('sourcesContent');
    if (sourcesContent) {
      sourcesContent.innerHTML = '<div class="meta">Will appear after running a CVE.</div>';
    }

    // Relevant Searches
    const searchLinks = document.getElementById('searchLinks');
    if (searchLinks) {
      searchLinks.innerHTML = '<div class="meta">Enter a term above and click Run to populate links.</div>';
    }

    // Hide any loading overlay if visible
    const loadingEl = document.getElementById('loading');
    if (loadingEl) loadingEl.style.display = 'none';

    // Reset AI analysis context and close modal if open
    if (typeof __lastAnalysisContext !== 'undefined') {
      __lastAnalysisContext = null;
    }
    if (typeof closeAnalysisModal === 'function') {
      closeAnalysisModal();
    }
    const analysisBody = document.getElementById('analysisBody');
    const analysisStatus = document.getElementById('analysisStatus');
    if (analysisBody) analysisBody.textContent = '';
    if (analysisStatus) analysisStatus.textContent = 'Preparing analysis…';

    // IMPORTANT: Do NOT touch Exploitation Watch (#watchContent),
    // VulnCheck panel (#vulncheckContent), or any cveWatcher.* localStorage keys.
    // This preserves the Watcher state and recent feed results.

    toast('CVE fields cleared');
  } catch (e) {
    console.error('clearCveFields error:', e);
    toast('Clear failed — check console for details.');
  }
}

// --- Bind the Clear button on DOM ready (or add to your existing bindings) ---
document.addEventListener('DOMContentLoaded', () => {
  const clearBtn = document.getElementById('clearCve');
  if (clearBtn) {
    clearBtn.addEventListener('click', clearCveFields);
  }
});
 
/* ---------- Init ---------- */

document.addEventListener("DOMContentLoaded", () => {
  initTheme();
  loadVulnCheck();
  loadExploitationWatch();
  displayFeeds();
  initInlineAnalysis();
  bindSearchHandlers();
  maybeRefreshFeeds(); // only if Tab 2 is active
  
  document.getElementById("go").addEventListener("click", handleSearch);
  document.getElementById("cve").addEventListener("keydown", e => {
    if (e.key === "Enter") { e.preventDefault(); handleSearch(); }
  });
  document.getElementById("closeModal")?.addEventListener("click", () => {
    document.getElementById("attackModal").style.display = "none";
  });

  // ✅ Auto-refresh intervals
  setInterval(loadExploitationWatch, 15 * 60 * 1000); // every 15 minutes
  setInterval(loadVulnCheck, 60 * 60 * 1000);         // every hour
  setInterval(maybeRefreshFeeds, 10 * 60 * 1000);
 
});
</script>
</body>
</html>