Threats Module¶
Status: shipped (Phase 4, Steps 1–10) Frontend route:
/threatsBackend prefix:/api/v1/threats
A 10-step iterative upgrade modelled on the legal-document module. Each step ships independently end-to-end (backend + UI) and is independently verifiable.
Translation
This is a condensed English reference. The full Chinese version is the authoritative one — switch to 简体中文 with the language picker (top right).
Purpose¶
A single workspace for game-IP owners to triage, evidence, and act on infringement signals flowing into the portal:
- Detect → Triage → Evidence → Action → Escalate → Close (6-stage pipeline)
- One-click pivots: pull evidence chain / draft legal doc / promote-to-private-server · link-actor
- AI summary + live activity feed for situational awareness
- Bulk close / restore / CSV export
- Multi-tenant:
tenant_adminsees only itsportal_publications;super_adminsees the global pool.
Step ledger¶
| Step | Scope | Deliverable |
|---|---|---|
| 0 | Shared primitives | lib/tone.ts + lib/format.ts + 5 components/ui building blocks (ModalShell, KpiTile, …) |
| 1 | Hero rewrite | 6 KpiTile cards + 24h live banner + 7-day MiniSparkline (delta colour via prev_7d) |
| 2 | Pipeline | ThreatPipeline.tsx — 6 stage cards with flow connectors; clicking a stage filters the list |
| 3 | Filter bar | MultiSelectPopover + DateRangePopover + SavedQueriesDropdown (localStorage); URL sync |
| 4 | Bulk operations | Sticky toolbar (selected count, bulk close, bulk restore, CSV export); routed via POST /threats/bulk |
| 5 | Detail drawer | ThreatDetailDrawer.tsx — KPIs + metadata + 3 action buttons; replaces old preview modal |
| 6 | Evidence sub-modal | ThreatEvidenceModal.tsx + /threats/:id/evidence (+ ZIP bundle with manifest.json + SHA-256) |
| 7 | Legal handoff sub-modal | ThreatToLegalModal.tsx + POST /legal-docs/draft (transactional: doc + publication) |
| 8 | Promote sub-modal | ThreatPromoteModal.tsx + POST /threats/:id/promote (private_server OR actor; jsonb stamping) |
| 9 | AI summary + activity feed | ThreatAISummary.tsx + ThreatActivityFeed.tsx + GET /threats/ai-summary + /threats/activity |
| 10 | Verification + docs | Route-registration test + reference doc |
Key API endpoints¶
| Method | Path | Notes |
|---|---|---|
| GET | /api/v1/threats |
list with filters (search / platform / stage / risk / dates) |
| GET | /api/v1/threats/stats |
hero KPIs + by_type / by_risk / by_platform / by_game |
| GET | /api/v1/threats/:id |
full threat |
| GET | /api/v1/threats/:id/evidence |
linked evidence items |
| GET | /api/v1/threats/:id/evidence-bundle |
ZIP of all evidence + manifest |
| POST | /api/v1/threats/:id/promote |
promote → private_server or actor |
| GET | /api/v1/threats/:id/promote-candidates |
autocomplete actor candidates |
| GET | /api/v1/threats/activity |
merged activity feed (5 sources) |
| GET | /api/v1/threats/ai-summary |
templated summary model: "stats-derived/v1" |
| POST | /api/v1/threats/bulk |
bulk close / restore |
| POST | /api/v1/legal-docs/draft |
turn threat into legal draft (transactional) |
Open work¶
- AI summary is templated (
stats-derived/v1) — swap to a real LLM by replacing the function body; payload shape stays. - LLM second-pass classifier wiring (
/sync/threats/pending-llm) runs against DGX vLLM Gemma-4.
For full details, switch to 简体中文 in the language picker (top right).