Skip to content

Threats Module

Status: shipped (Phase 4, Steps 1–10) Frontend route: /threats Backend prefix: /api/v1/threats

A 10-step iterative upgrade modelled on the legal-document module. Each step ships independently end-to-end (backend + UI) and is independently verifiable.

Translation

This is a condensed English reference. The full Chinese version is the authoritative one — switch to 简体中文 with the language picker (top right).


Purpose

A single workspace for game-IP owners to triage, evidence, and act on infringement signals flowing into the portal:

  • Detect → Triage → Evidence → Action → Escalate → Close (6-stage pipeline)
  • One-click pivots: pull evidence chain / draft legal doc / promote-to-private-server · link-actor
  • AI summary + live activity feed for situational awareness
  • Bulk close / restore / CSV export
  • Multi-tenant: tenant_admin sees only its portal_publications; super_admin sees the global pool.

Step ledger

Step Scope Deliverable
0 Shared primitives lib/tone.ts + lib/format.ts + 5 components/ui building blocks (ModalShell, KpiTile, …)
1 Hero rewrite 6 KpiTile cards + 24h live banner + 7-day MiniSparkline (delta colour via prev_7d)
2 Pipeline ThreatPipeline.tsx — 6 stage cards with flow connectors; clicking a stage filters the list
3 Filter bar MultiSelectPopover + DateRangePopover + SavedQueriesDropdown (localStorage); URL sync
4 Bulk operations Sticky toolbar (selected count, bulk close, bulk restore, CSV export); routed via POST /threats/bulk
5 Detail drawer ThreatDetailDrawer.tsx — KPIs + metadata + 3 action buttons; replaces old preview modal
6 Evidence sub-modal ThreatEvidenceModal.tsx + /threats/:id/evidence (+ ZIP bundle with manifest.json + SHA-256)
7 Legal handoff sub-modal ThreatToLegalModal.tsx + POST /legal-docs/draft (transactional: doc + publication)
8 Promote sub-modal ThreatPromoteModal.tsx + POST /threats/:id/promote (private_server OR actor; jsonb stamping)
9 AI summary + activity feed ThreatAISummary.tsx + ThreatActivityFeed.tsx + GET /threats/ai-summary + /threats/activity
10 Verification + docs Route-registration test + reference doc

Key API endpoints

Method Path Notes
GET /api/v1/threats list with filters (search / platform / stage / risk / dates)
GET /api/v1/threats/stats hero KPIs + by_type / by_risk / by_platform / by_game
GET /api/v1/threats/:id full threat
GET /api/v1/threats/:id/evidence linked evidence items
GET /api/v1/threats/:id/evidence-bundle ZIP of all evidence + manifest
POST /api/v1/threats/:id/promote promote → private_server or actor
GET /api/v1/threats/:id/promote-candidates autocomplete actor candidates
GET /api/v1/threats/activity merged activity feed (5 sources)
GET /api/v1/threats/ai-summary templated summary model: "stats-derived/v1"
POST /api/v1/threats/bulk bulk close / restore
POST /api/v1/legal-docs/draft turn threat into legal draft (transactional)

Open work

  • AI summary is templated (stats-derived/v1) — swap to a real LLM by replacing the function body; payload shape stays.
  • LLM second-pass classifier wiring (/sync/threats/pending-llm) runs against DGX vLLM Gemma-4.

For full details, switch to 简体中文 in the language picker (top right).