Upload 2 files

app.py

@@ -0,0 +1,1503 @@
+import streamlit as st
+from typing import List, Dict, Any, TypedDict, Optional, Tuple
+from dataclasses import dataclass
+from datetime import datetime
+import json
+import ipaddress
+import os
+try:
+    import requests
+except Exception:
+    requests = None
+
+# Optional libraries
+try:
+    from duckduckgo_search import DDGS
+except Exception:
+    DDGS = None
+
+try:
+    from PyPDF2 import PdfReader
+except Exception:
+    PdfReader = None
+
+try:
+    import docx
+except Exception:
+    docx = None
+
+try:
+    import olefile
+except Exception:
+    olefile = None
+
+try:
+    from mutagen import File as MutagenFile
+except Exception:
+    MutagenFile = None
+
+try:
+    from rapidfuzz import fuzz
+except Exception:
+    fuzz = None
+
+try:
+    import exifread
+except Exception:
+    exifread = None
+
+try:
+    import networkx as nx
+except Exception:
+    nx = None
+
+try:
+    from pyvis.network import Network
+except Exception:
+    Network = None
+
+try:
+    from sentence_transformers import SentenceTransformer
+except Exception:
+    SentenceTransformer = None
+
+try:
+    from jinja2 import Template
+except Exception:
+    Template = None
+
+# ---------------------------
+# Config & Styles
+# ---------------------------
+st.set_page_config(page_title="OSINT Investigator", layout="wide")
+
+HIDE_STREAMLIT_STYLE = """
+    <style>
+    #MainMenu {visibility: hidden;}
+    footer {visibility: hidden;}
+    .small {font-size: 0.85rem; color: #666}
+    code {white-space: pre-wrap;}
+    /* Floating Chat Styles */
+    .chat-window {position: fixed; bottom: 20px; right: 20px; width: 360px; max-height: 560px; background:#1c1c1c; border:1px solid #444; border-radius:14px; z-index:1000; display:flex; flex-direction:column; box-shadow:0 8px 24px rgba(0,0,0,.55);}
+    .chat-header {padding:8px 12px; display:flex; align-items:center; gap:8px; border-bottom:1px solid #333; background:#222; border-top-left-radius:14px; border-top-right-radius:14px;}
+    .chat-header .title {font-weight:600; color:#ffcc66;}
+    .chat-close {margin-left:auto; cursor:pointer; font-weight:700; color:#bbb;}
+    .chat-close:hover {color:#fff;}
+    .chat-messages {padding:10px 12px; overflow-y:auto; flex:1; font-size:0.8rem;}
+    .chat-messages p {margin:0 0 10px;}
+    .msg-user {color:#fff;}
+    .msg-bot {color:#ffcc66; font-style:italic;}
+    .chat-input {padding:8px 10px; border-top:1px solid #333; background:#181818; border-bottom-left-radius:14px; border-bottom-right-radius:14px;}
+    .chat-input textarea {font-size:0.75rem !important;}
+    .badge-action {display:inline-block; background:#333; color:#ffcc66; padding:2px 6px; margin:2px 4px 6px 0; border-radius:6px; font-size:0.6rem; cursor:pointer;}
+    .badge-action:hover {background:#444;}
+    .chat-mini-btn {position:fixed; bottom:20px; right:20px; width:62px; height:62px; border-radius:50%; background:#222; border:2px solid #ffcc66; display:flex; align-items:center; justify-content:center; font-size:30px; cursor:pointer; z-index:999; box-shadow:0 0 8px rgba(0,0,0,.6);} 
+    .chat-mini-btn:hover {background:#333;}
+    /* App Enhancements */
+    .app-brand-bar {display:flex; align-items:center; gap:14px; padding:8px 18px 4px 8px; border-bottom:1px solid #262626; margin:-1rem -1rem 1.2rem -1rem; background:linear-gradient(90deg,#141414,#181818);}
+    .app-brand-title {font-size:1.35rem; font-weight:600; letter-spacing:.5px; color:#ffcc66;}
+    .app-badge {display:inline-block; padding:2px 8px; border-radius:12px; font-size:0.65rem; font-weight:600; text-transform:uppercase; letter-spacing:.5px; margin-right:6px; background:#222; border:1px solid #333; color:#bbb;}
+    .level-high {background:#11391f; border-color:#1f6d3b; color:#3ddc84;}
+    .level-medium {background:#3a2e12; border-color:#72581a; color:#ffcf66;}
+    .level-low {background:#3a1616; border-color:#7a2727; color:#ff6b6b;}
+    .metric-row {margin-top:.4rem;}
+    .stDataFrame {border:1px solid #262626; border-radius:10px; overflow:hidden;}
+    .styled-section {background:#141414; border:1px solid #2a2a2a; padding:1rem 1.2rem; border-radius:14px; box-shadow:0 0 0 1px #111 inset, 0 4px 18px -8px #000;} 
+    .kpi-grid div[data-testid='metric-container'] {background:#181818; border:1px solid #262626; border-radius:12px; padding:.75rem;} 
+    .kpi-grid div[data-testid='stMetric'] {padding:.25rem .5rem .35rem .5rem;} 
+    .plan-expander summary {font-weight:600; letter-spacing:.5px;}
+    .report-btn button {background:#ffcc66 !important; color:#111 !important; font-weight:600;}
+    .stDownloadButton button {border-radius:10px;}
+    .stTextInput input, .stTextArea textarea {border-radius:10px !important;}
+    .stTabs [data-baseweb='tab-list'] {gap:4px;}
+    .stTabs [data-baseweb='tab'] {background:#161616; padding:.5rem .9rem; border-radius:10px; border:1px solid #262626;}
+    .stTabs [data-baseweb='tab']:hover {background:#1d1d1d;}
+    .stTabs [aria-selected='true'] {background:#222 !important; border-color:#444 !important;}
+    .section-title {font-size:1.05rem; font-weight:600; letter-spacing:.5px; margin-bottom:.35rem;}
+    .sticky-toolbar {position:sticky; top:0; z-index:50; background:linear-gradient(90deg,#181818,#141414); padding:.4rem .6rem; border:1px solid #262626; border-radius:10px; margin-bottom:.6rem; box-shadow:0 6px 12px -8px rgba(0,0,0,.6);} 
+    .sticky-toolbar button {margin-right:.35rem;}
+    .score-table {width:100%; border-collapse:collapse; font-size:0.75rem;}
+    .score-table th {text-align:left; padding:6px 8px; background:#202020; position:sticky; top:0; z-index:2;}
+    .score-table td {padding:6px 8px; border-top:1px solid #262626; vertical-align:top;}
+    .badge {display:inline-block; padding:2px 7px; border-radius:10px; font-size:0.6rem; font-weight:600; letter-spacing:.5px;}
+    .badge.high {background:#11391f; color:#3ddc84;}
+    .badge.medium {background:#3a2e12; color:#ffcf66;}
+    .badge.low {background:#3a1616; color:#ff6b6b;}
+    .methodology-box {background:#141414; border:1px solid #262626; padding:.8rem 1rem; border-radius:12px; font-size:0.8rem; line-height:1.25rem;}
+    body.light-mode, .light-mode [data-testid='stAppViewContainer'] {background:#f6f7f9; color:#222;}
+    .light-mode .app-brand-bar {background:linear-gradient(90deg,#fafafa,#eceff1); border-color:#d8dadd;}
+    .light-mode .app-brand-title {color:#7a4d00;}
+    .light-mode .app-badge {background:#fff; border-color:#d1d4d8; color:#555;}
+    .light-mode .sticky-toolbar {background:linear-gradient(90deg,#fff,#f3f5f7); border-color:#d8dade;}
+    .light-mode .score-table th {background:#eceff1;}
+    .light-mode .score-table td {border-color:#d9dde1;}
+    .light-mode .badge.high {background:#d8f5e6; color:#0d7a3d;}
+    .light-mode .badge.medium {background:#fbeccb; color:#8a6500;}
+    .light-mode .badge.low {background:#fbd5d5; color:#b80000;}
+    .light-mode .stTabs [data-baseweb='tab'] {background:#f5f6f7; border-color:#d9dde1;}
+    .light-mode .stTabs [aria-selected='true'] {background:#ffffff !important; border-color:#b9bdc1 !important;}
+    /* Skeleton / Shimmer */
+    @keyframes shimmer {0% {transform:translateX(-60%);} 100% {transform:translateX(120%);} }
+    .skeleton-block {position:relative; overflow:hidden; background:#1e1e1e; border-radius:6px; margin:4px 0;}
+    .skeleton-block.light-mode {background:#e2e5e9;}
+    .skeleton-block::after {content:""; position:absolute; top:0; left:0; height:100%; width:50%; background:linear-gradient(90deg, rgba(255,255,255,0), rgba(255,255,255,.15), rgba(255,255,255,0)); animation:shimmer 1.25s infinite;}
+    .sk-line-sm {height:10px;}
+    .sk-line-md {height:14px;}
+    .sk-line-lg {height:22px;}
+    .sk-fade {animation:fadeIn .3s ease-in;}
+    @keyframes fadeIn {from {opacity:0;} to {opacity:1;}}
+    </style>
+"""
+
+st.markdown(HIDE_STREAMLIT_STYLE, unsafe_allow_html=True)
+st.markdown("""
+<head>
+<link rel='icon' type='image/svg+xml' href="data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 64 64'><circle fill='%23111' cx='32' cy='32' r='32'/><path fill='%23ffcc66' d='M12 38l4-14h32l4 14H12zm8 4h24c0 6-6 10-12 10s-12-4-12-10zM24 18c0-4 4-8 8-8s8 4 8 8v4H24v-4z'/></svg>">
+<meta name='description' content='OSINT Investigator Suite - AI-augmented open source intelligence enumeration & scoring platform.'>
+<meta name='viewport' content='width=device-width, initial-scale=1'>
+</head>
+""", unsafe_allow_html=True)
+if st.session_state.get("settings", {}).get("light_mode"):
+    st.markdown("""<script>const b=window.parent.document.querySelector('body'); if(b&&!b.classList.contains('light-mode')) b.classList.add('light-mode');</script>""", unsafe_allow_html=True)
+else:
+    st.markdown("""<script>const b=window.parent.document.querySelector('body'); if(b) b.classList.remove('light-mode');</script>""", unsafe_allow_html=True)
+
+# ---------------------------
+# Sidebar: Settings
+# ---------------------------
+def _get_settings() -> Dict[str, Any]:
+    with st.sidebar:
+        st.header("Settings")
+        model = st.selectbox(
+            "Advisor model (CPU-friendly)",
+            [
+                "qwen2.5-1.5b-instruct",
+                "phi-3-mini-4k-instruct",
+                "gemma-2-2b-it",
+            ],
+            index=0,
+            key="advisor_model_select",
+            help="Choose which free local LLM to use for advisor suggestions."
+        )
+        max_per = st.slider(
+            "Default max results per dork",
+            min_value=3,
+            max_value=50,
+            value=10,
+            step=1,
+            key="default_max_results",
+            help="Used as the default when executing dorks in Step 4."
+        )
+        logging = st.checkbox(
+            "Enable audit logging",
+            value=True,
+            key="enable_audit_logging",
+            help="If off, actions won't be written to the audit trail."
+        )
+        use_embeddings = st.checkbox(
+            "Enable semantic similarity (embeddings)",
+            value=False,
+            key="enable_embeddings",
+            help="Loads a small sentence-transformer to boost scoring by context relevance."
+        )
+        light_mode = st.checkbox(
+            "Light mode UI override",
+            value=False,
+            key="light_mode_toggle",
+            help="Apply a lighter palette without reloading base theme"
+        )
+        return {"model": model, "max_per": max_per, "logging": logging, "light_mode": light_mode}
+
+SETTINGS = _get_settings()
+st.session_state["settings"] = SETTINGS
+st.session_state.setdefault("_embed_model", None)
+
+# ---------------------------
+# Google Dorks (typed catalog for many entities)
+# ---------------------------
+class TypedDork(TypedDict):
+    q: str
+    type: str
+    why: str
+
+# Dork category glossary (shown in explainer)
+DORK_TYPES: Dict[str, str] = {
+    "Footprinting": "Map surface area: sites/subdomains, logins, admin panels, basic presence.",
+    "Directory/Index": "Hunt for open listings or auto-generated indexes exposing files.",
+    "Docs/Collab": "Live docs/boards accidentally exposed (docs.google, Trello, etc.).",
+    "Code/Repo": "Public repos that may contain references, issues, or credentials.",
+    "Credentials/Secrets": "Clues that hint at passwords/keys or places leaks may exist.",
+    "Exposure/Leak": "Mentions of breaches, leaks, or dumps involving the entity.",
+    "People/Profiles": "Official bios, resumes/CVs, speaker pages, researcher profiles.",
+    "Social Activity": "Usernames/handles across social and developer communities.",
+    "Regulatory/Legal": "Filings and official records (e.g., SEC/EDGAR).",
+    "Incidents/Risk": "Incident reports, outages, protests, negative events.",
+    "Academic/Research": "Scholarly/technical works tied to a name or org.",
+}
+
+# ---- Typed dork builders ----
+
+def typed_dorks_for_email(email: str) -> List[TypedDork]:
+    user, dom = (email.split("@", 1) + [""])[:2]
+    return [
+        {"q": f'"{email}"', "type": "Footprinting", "why": "Exact email mentions across the web."},
+        {"q": f'intext:"{email}"', "type": "Footprinting", "why": "Mentions inside page bodies."},
+        {"q": f'intext:"{user}" intext:"{dom}"', "type": "Footprinting", "why": "Mentions with split user/domain."},
+        {"q": f'site:{dom} intext:"@{dom}"', "type": "Footprinting", "why": "Emails published on the same domain."},
+        {"q": f'"{email}" filetype:pdf OR filetype:doc OR filetype:xls OR filetype:csv', "type": "Docs/Collab", "why": "Docs that may expose PII/roles."},
+        {"q": f'"{email}" site:github.com OR site:gitlab.com', "type": "Code/Repo", "why": "Commits/issues referencing the email."},
+        {"q": f'"{email}" site:gravatar.com', "type": "People/Profiles", "why": "Avatar/profile tied to the email hash."},
+        {"q": f'"{email}" site:pastebin.com OR site:ghostbin.com OR site:hastebin.com', "type": "Exposure/Leak", "why": "Common paste sites for leaks."},
+        {"q": f'"{email}" inurl:wp- OR inurl:wp-content OR inurl:wp-config', "type": "Directory/Index", "why": "WordPress artifacts sometimes leak emails."},
+        {"q": f'"{email}" AROUND(3) "password"', "type": "Credentials/Secrets", "why": "Heuristic for password-adjacent mentions."},
+    ]
+
+
+def typed_dorks_for_domain(d: str) -> List[TypedDork]:
+    return [
+        {"q": f"site:{d} -www", "type": "Footprinting", "why": "Apex domain excluding www."},
+        {"q": f"site:*.{d} -www", "type": "Footprinting", "why": "Enumerate subdomains exposed to crawlers."},
+        {"q": f'"@{d}"', "type": "Footprinting", "why": "Emails belonging to the domain across the web."},
+        {"q": f'site:linkedin.com "{d}"', "type": "People/Profiles", "why": "Employees listing org domain."},
+        {"q": f'site:github.com "{d}"', "type": "Code/Repo", "why": "Repositories/issues referencing the domain."},
+        {"q": f'site:gitlab.com "{d}"', "type": "Code/Repo", "why": "Alternate forge often used by teams."},
+        {"q": f'site:docs.google.com "{d}"', "type": "Docs/Collab", "why": "Potentially exposed Google Docs/Sheets/Slides."},
+        {"q": f'site:trello.com "{d}"', "type": "Docs/Collab", "why": "Public Trello boards occasionally misconfigured."},
+        {"q": f'"{d}" filetype:pdf OR filetype:doc OR filetype:xls OR filetype:ppt OR filetype:csv', "type": "Docs/Collab", "why": "Documents with the org name/domain."},
+        {"q": f"site:{d} inurl:login OR inurl:admin OR inurl:signup", "type": "Footprinting", "why": "Auth surfaces (discovery only)."},
+        {"q": f'site:{d} intitle:"index of"', "type": "Directory/Index", "why": "Open directory listings on that domain."},
+        {"q": f"site:{d} ext:env OR ext:.git OR ext:git-credentials OR ext:sql OR ext:log", "type": "Credentials/Secrets", "why": "Common secret-bearing file extensions."},
+        {"q": f'"{d}" breach OR leak OR "data exposure"', "type": "Exposure/Leak", "why": "Press and trackers mentioning exposures."},
+    ]
+
+
+def typed_dorks_for_ip(ip: str) -> List[TypedDork]:
+    return [
+        {"q": f'"{ip}"', "type": "Footprinting", "why": "Places where the raw IP is printed or logged."},
+        {"q": f'intext:"{ip}"', "type": "Footprinting", "why": "Body text mentions (forums, logs)."},
+        {"q": f'"{ip}" filetype:log OR filetype:txt', "type": "Directory/Index", "why": "Exposed logs referencing the IP."},
+        {"q": f'"{ip}" blacklist OR abuse', "type": "Incidents/Risk", "why": "Blacklist/abuse mentions and reports."},
+        {"q": f'"{ip}" intitle:"index of"', "type": "Directory/Index", "why": "Open indexes listing files with that IP."},
+    ]
+
+
+def typed_dorks_for_username(u: str) -> List[TypedDork]:
+    return [
+        {"q": f'"{u}"', "type": "Footprinting", "why": "Exact handle mentions across the web."},
+        {"q": f'"{u}" site:twitter.com OR site:x.com OR site:reddit.com OR site:github.com OR site:stackexchange.com', "type": "Social Activity", "why": "Find consistent identity across major platforms."},
+        {"q": f'"{u}" site:medium.com OR site:substack.com', "type": "People/Profiles", "why": "Author pages tied to the handle."},
+        {"q": f'"{u}" site:keybase.io', "type": "People/Profiles", "why": "Cryptographic identity/proofs."},
+        {"q": f'"{u}" inurl:users OR inurl:profile', "type": "Footprinting", "why": "Generic user profile URLs."},
+        {"q": f'"{u}" filetype:pdf resume OR "curriculum vitae"', "type": "People/Profiles", "why": "CVs/resumes listing the handle."},
+        {"q": f'"{u}" AROUND(3) email', "type": "People/Profiles", "why": "Correlate handle to emails in bios/posts."},
+        {"q": f'"{u}" avatar OR "profile photo"', "type": "People/Profiles", "why": "Images tied to the identity."},
+    ]
+
+
+def typed_dorks_for_person(name: str) -> List[TypedDork]:
+    return [
+        {"q": f'"{name}"', "type": "Footprinting", "why": "Exact full-name mentions."},
+        {"q": f'"{name}" site:linkedin.com', "type": "People/Profiles", "why": "Primary professional profile."},
+        {"q": f'"{name}" filetype:pdf resume OR "curriculum vitae"', "type": "People/Profiles", "why": "Resume/CV documents."},
+        {"q": f'"{name}" conference OR talk OR keynote', "type": "People/Profiles", "why": "Speaker bios and conference pages."},
+        {"q": f'"{name}" site:github.com OR site:gitlab.com', "type": "Code/Repo", "why": "Developer activity tied to the name."},
+        {"q": f'"{name}" site:researchgate.net OR site:scholar.google.com', "type": "Academic/Research", "why": "Scholarly output."},
+        {"q": f'"{name}" site:medium.com OR site:substack.com', "type": "People/Profiles", "why": "Editorial/social writing."},
+        {"q": f'"{name}" "email" OR "contact"', "type": "People/Profiles", "why": "Pages listing contact info."},
+    ]
+
+
+def typed_dorks_for_org(org: str) -> List[TypedDork]:
+    return [
+        {"q": f'"{org}" site:sec.gov OR site:edgar', "type": "Regulatory/Legal", "why": "Official SEC/EDGAR filings."},
+        {"q": f'"{org}" contract award OR RFP OR "sources sought"', "type": "Regulatory/Legal", "why": "Gov procurement history and notices."},
+        {"q": f'"{org}" breach OR incident OR "data exposure"', "type": "Incidents/Risk", "why": "News/trackers about incidents/leaks."},
+        {"q": f'"{org}" site:linkedin.com', "type": "People/Profiles", "why": "Employees and org page."},
+        {"q": f'"{org}" site:github.com OR site:gitlab.com', "type": "Code/Repo", "why": "Public repos under org name."},
+        {"q": f'"{org}" filetype:pdf OR filetype:doc OR filetype:ppt OR filetype:xls', "type": "Docs/Collab", "why": "Documents carrying org name."},
+        {"q": f'"{org}" site:docs.google.com OR site:trello.com', "type": "Docs/Collab", "why": "Potentially exposed docs/boards."},
+    ]
+
+
+def typed_dorks_for_location(loc: str) -> List[TypedDork]:
+    return [
+        {"q": f'"{loc}" incident OR protest OR outage', "type": "Incidents/Risk", "why": "Events/incidents tied to the place."},
+        {"q": f'"{loc}" satellite imagery OR "before after"', "type": "Footprinting", "why": "Imagery context for geospatial checks."},
+        {"q": f'"{loc}" site:news', "type": "Incidents/Risk", "why": "Recent news mentions for the place."},
+        {"q": f'"{loc}" filetype:pdf report', "type": "Docs/Collab", "why": "Reports that reference the location."},
+    ]
+
+
+def typed_dorks_for_file(desc: str) -> List[TypedDork]:
+    return [
+        {"q": f'"{desc}" filetype:pdf OR filetype:doc OR filetype:xls OR filetype:ppt OR filetype:csv', "type": "Docs/Collab", "why": "Document hunting by keyword."},
+        {"q": f'"{desc}" site:archive.org', "type": "Docs/Collab", "why": "Wayback/Archive artifacts."},
+        {"q": f'"{desc}" intitle:"index of"', "type": "Directory/Index", "why": "Open listings that may contain files."},
+    ]
+
+TYPED_DORK_MAP: Dict[str, Any] = {
+    "Email Address": typed_dorks_for_email,
+    "Domain / Website": typed_dorks_for_domain,
+    "IP Address": typed_dorks_for_ip,
+    "Username / Handle": typed_dorks_for_username,
+    "Named Individual": typed_dorks_for_person,
+    "Organization / Company": typed_dorks_for_org,
+    "Location": typed_dorks_for_location,
+    "File / Image": typed_dorks_for_file,
+}
+
+# ---------------------------
+# STEP 1: Explainer
+# ---------------------------
+def render_dorks_explainer(entity_type: str, entity_value: str):
+    st.subheader("Step 1: Dork Explainer")
+    st.caption("These are categorized OSINT search operators. Copy/paste into Google if you like; this app automates via DuckDuckGo to respect ToS.")
+    with st.expander("Dork categories explained", expanded=False):
+        for t, desc in DORK_TYPES.items():
+            st.markdown(f"**{t}** — {desc}")
+
+    builder = TYPED_DORK_MAP.get(entity_type)
+    typed = builder(entity_value) if (builder and entity_value) else []
+    if not typed:
+        st.info("Enter an entity value above to see a tailored catalog.")
+        return
+    for d in typed:
+        st.markdown(f"- **[{d['type']}]** `{d['q']}`")
+        st.markdown(f"  <span class='small'>{d['why']}</span>", unsafe_allow_html=True)
+
+# ---------------------------
+# STEP 2: Advisor (LLM-powered with rules fallback)
+# ---------------------------
+
+# Goal weights for rules-based fallback / blending
+GOAL_WEIGHTS: Dict[str, Dict[str, int]] = {
+    "Map footprint / surface": {"Footprinting": 3, "Directory/Index": 2},
+    "Find documents & spreadsheets": {"Docs/Collab": 3, "Directory/Index": 2},
+    "Discover code & credentials": {"Code/Repo": 3, "Credentials/Secrets": 3, "Directory/Index": 2},
+    "Identify breaches/leaks": {"Exposure/Leak": 3, "Credentials/Secrets": 2},
+    "Find people & org info": {"People/Profiles": 3, "Regulatory/Legal": 2},
+    "Track incidents / risk": {"Incidents/Risk": 3},
+    "Academic/technical trails": {"Academic/Research": 3},
+}
+DEFAULT_GOALS = list(GOAL_WEIGHTS.keys())
+
+MODEL_ID_MAP = {
+    "qwen2.5-1.5b-instruct": "Qwen/Qwen2.5-1.5B-Instruct",
+    "phi-3-mini-4k-instruct": "microsoft/phi-3-mini-4k-instruct",
+    "gemma-2-2b-it": "google/gemma-2-2b-it",
+}
+
+# ---------------------------
+# Known Facts Model
+# ---------------------------
+@dataclass
+class KnownFacts:
+    handles: List[str]
+    real_names: List[str]
+    emails: List[str]
+    domains: List[str]
+    ips: List[str]
+    locations: List[str]
+    orgs: List[str]
+    context: str
+
+    @classmethod
+    def from_session(cls) -> "KnownFacts":
+        return st.session_state.get("known_facts") or cls([], [], [], [], [], [], [], "")
+
+def _parse_csv(s: str) -> List[str]:
+    return [x.strip() for x in (s or "").split(",") if x.strip()]
+
+def _known_facts_ui():
+    st.subheader("Known Facts / Prior Intelligence")
+    st.caption("Provide what you already know. This seeds scoring & generation.")
+    col_a, col_b, col_c = st.columns(3)
+    with col_a:
+        handles = st.text_area("Handles / Usernames (comma)", key="kf_handles", height=70)
+        emails = st.text_area("Emails (comma)", key="kf_emails", height=70)
+        ips = st.text_area("IP addresses (comma)", key="kf_ips", height=70)
+    with col_b:
+        real_names = st.text_area("Real Names (comma)", key="kf_real_names", height=70, help="Full names or key name variants")
+        domains = st.text_area("Domains (comma)", key="kf_domains", height=70)
+        orgs = st.text_area("Organizations (comma)", key="kf_orgs", height=70)
+    with col_c:
+        locations = st.text_area("Locations (comma)", key="kf_locations", height=70)
+        context = st.text_area("Context / Keywords", key="kf_context", height=160, help="Free-text mission context, tech stack, roles, etc.")
+    if st.button("Save Known Facts", key="btn_save_facts"):
+        facts = KnownFacts(
+            handles=_parse_csv(handles),
+            real_names=_parse_csv(real_names),
+            emails=_parse_csv(emails),
+            domains=_parse_csv(domains),
+            ips=_parse_csv(ips),
+            locations=_parse_csv(locations),
+            orgs=_parse_csv(orgs),
+            context=context.strip(),
+        )
+        st.session_state["known_facts"] = facts
+        st.success("Facts saved (session only).")
+    facts = KnownFacts.from_session()
+    st.markdown(f"**Current facts loaded:** {len(facts.handles)} handles, {len(facts.emails)} emails, {len(facts.domains)} domains, {len(facts.real_names)} names.")
+    st.markdown("---")
+    st.markdown("### Candidate Generation")
+    st.caption("Generate permutations / derived candidates from known facts.")
+    if st.button("Generate Candidates", key="btn_gen_candidates"):
+        facts = KnownFacts.from_session()
+        usernames = set(facts.handles)
+        # simple mutations
+        for h in list(usernames):
+            for suf in ["123", "01", "_sec", "_research", "-dev"]:
+                usernames.add(h + suf)
+            if h.isalpha():
+                usernames.add(h + "1")
+        # email permutations (if have names + domains)
+        emails = set(facts.emails)
+        if facts.real_names and facts.domains:
+            first = facts.real_names[0].split()[0].lower()
+            last = facts.real_names[0].split()[-1].lower()
+            for d in facts.domains[:3]:
+                emails.update({
+                    f"{first}.{last}@{d}",
+                    f"{first}{last}@{d}",
+                    f"{first[0]}{last}@{d}",
+                    f"{first}_{last}@{d}",
+                })
+        # domain variants (very light)
+        dom_vars = set(facts.domains)
+        for d in facts.domains:
+            if d.count('.') >= 1:
+                root = d.split('.')[0]
+                tld = d.split('.')[-1]
+                dom_vars.add(root + "-dev." + tld)
+                dom_vars.add(root + "-staging." + tld)
+        st.session_state["generated_candidates"] = {
+            "usernames": sorted(list(usernames))[:100],
+            "emails": sorted(list(emails))[:100],
+            "domains": sorted(list(dom_vars))[:100]
+        }
+        st.success("Candidates generated.")
+    cand = st.session_state.get("generated_candidates")
+    if cand:
+        st.write("Usernames (sample)", cand["usernames"][:10])
+        st.write("Emails (sample)", cand["emails"][:10])
+        st.write("Domains (sample)", cand["domains"][:10])
+        if st.button("Add All Candidates to Facts", key="btn_add_cand"):
+            facts = KnownFacts.from_session()
+            facts.handles = sorted(list(set(facts.handles + cand["usernames"])))
+            facts.emails = sorted(list(set(facts.emails + cand["emails"])))
+            facts.domains = sorted(list(set(facts.domains + cand["domains"])))
+            st.session_state["known_facts"] = facts
+            st.success("Candidates merged into facts.")
+
+def _generate_investigation_plan(entity_type: str, entity_value: str, facts: KnownFacts) -> Dict[str, Any]:
+    """Produce a structured investigation plan based on current facts and target type."""
+    objectives = [
+        "Establish definitive identifiers (emails, handles, domains) to anchor pivots",
+        "Map exposed surface (sites, code, documents, credentials indicators)",
+        "Correlate identities across platforms and artifacts",
+        "Identify signs of exposure, breach, or sensitive data leakage",
+        "Prioritize high-confidence findings for deeper manual review"
+    ]
+    # Gap analysis
+    gaps = []
+    if not facts.emails: gaps.append("No confirmed email addresses")
+    if not facts.handles: gaps.append("No social/developer handles")
+    if not facts.domains and entity_type != "Domain / Website": gaps.append("No related domains captured")
+    if not facts.real_names and entity_type in ("Named Individual", "Organization / Company"): gaps.append("No individual name variants")
+    if not facts.orgs and entity_type == "Named Individual": gaps.append("No employing organizations")
+    if not facts.context: gaps.append("Context / mission keywords empty (reduces scoring nuance)")
+    if not gaps: gaps = ["Current fact set sufficient for first enumeration pass"]
+
+    # Phase recommendations
+    phases: List[Dict[str, Any]] = []
+    phases.append({
+        "phase": "Phase 1 - Baseline & Fact Hardening",
+        "goals": ["Normalize entity value", "Collect canonical facts", "Note obvious pivots"],
+        "actions": [
+            "Record primary identifier in Known Facts",
+            "Add any immediately known emails, domains, handles",
+            "Capture mission / context keywords (tech stack, industry, roles)",
+            "Run Advisor for broad Footprinting and People queries"
+        ]
+    })
+    phases.append({
+        "phase": "Phase 2 - Surface Enumeration",
+        "goals": ["Map public assets", "Discover documents & code"],
+        "actions": [
+            "Select dorks: site:, filetype:, intitle:'index of' variations",
+            "Enumerate repo references (GitHub/GitLab) and note unique strings",
+            "Pull down high-signal docs (PDF/DOCX) and extract metadata for hidden emails/handles"
+        ]
+    })
+    phases.append({
+        "phase": "Phase 3 - Identity Correlation",
+        "goals": ["Link handles to emails", "Find cross-platform reuse"],
+        "actions": [
+            "Search handles with platform-specific queries (social + developer)",
+            "Leverage resume / CV / speaker page dorks for name-email alignment",
+            "Add newly confirmed identifiers back into Known Facts and re-score"
+        ]
+    })
+    phases.append({
+        "phase": "Phase 4 - Exposure & Risk Signals",
+        "goals": ["Detect leak indicators", "Prioritize potential sensitive exposure"],
+        "actions": [
+            "Run leak / breach / paste oriented dorks including credential keywords",
+            "Inspect any pastebin / gist / artifact snippets for policy or secret references",
+            "Flag findings with multiple co-occurring identifiers for manual escalation"
+        ]
+    })
+    phases.append({
+        "phase": "Phase 5 - Consolidation & Reporting",
+        "goals": ["Score & rank findings", "Produce exportable report"],
+        "actions": [
+            "Re-score after final fact enrichment",
+            "Visualize graph to ensure high-score nodes connect multiple anchors",
+            "Export HTML report and retain audit log",
+            "Document residual gaps & next potential pivots (e.g., historical archives, certificate transparency)"
+        ]
+    })
+    return {
+        "entity_type": entity_type,
+        "entity_value": entity_value,
+        "objectives": objectives,
+        "gaps": gaps,
+        "phases": phases,
+        "facts_snapshot": facts.__dict__,
+    }
+
+def render_investigation_plan(entity_type: str, entity_value: str):
+    st.subheader("Investigation Plan")
+    facts = KnownFacts.from_session()
+    plan = _generate_investigation_plan(entity_type, entity_value, facts)
+    st.markdown("### Core Objectives")
+    for o in plan["objectives"]:
+        st.markdown(f"- {o}")
+    st.markdown("### Current Gaps")
+    for g in plan["gaps"]:
+        st.markdown(f"- {g}")
+    st.markdown("### Phased Approach")
+    for ph in plan["phases"]:
+        with st.expander(ph["phase"], expanded=False):
+            st.markdown("**Goals**")
+            for g in ph["goals"]:
+                st.markdown(f"- {g}")
+            st.markdown("**Actions**")
+            for a in ph["actions"]:
+                st.markdown(f"- {a}")
+    if st.button("Export Plan (Markdown)", key="btn_export_plan"):
+        md_lines = [f"# Investigation Plan: {plan['entity_type']} — {plan['entity_value']}", "", "## Objectives"]
+        md_lines += [f"- {o}" for o in plan["objectives"]]
+        md_lines += ["", "## Gaps"] + [f"- {g}" for g in plan["gaps"]]
+        md_lines += ["", "## Phases"]
+        for ph in plan["phases"]:
+            md_lines.append(f"### {ph['phase']}")
+            md_lines.append("**Goals**")
+            md_lines += [f"- {g}" for g in ph["goals"]]
+            md_lines.append("**Actions**")
+            md_lines += [f"- {a}" for a in ph["actions"]]
+            md_lines.append("")
+        md = "\n".join(md_lines)
+        st.download_button("Download Plan", md, file_name="investigation_plan.md", mime="text/markdown")
+
+
+def _score_dork_rule(d: TypedDork, goals: List[str], user_note: str) -> float:
+    s = 1.0
+    for g in goals:
+        for cat, w in GOAL_WEIGHTS.get(g, {}).items():
+            if d["type"] == cat:
+                s += w
+    note = (user_note or "").lower()
+    if any(k in note for k in ["password", "credential", "secret", "token"]):
+        if d["type"] in {"Credentials/Secrets", "Code/Repo", "Directory/Index"}:
+            s += 1.5
+    if any(k in note for k in ["resume", "cv", "employee", "contact"]):
+        if d["type"] in {"People/Profiles"}:
+            s += 1.0
+    if any(k in note for k in ["breach", "leak", "dump", "paste"]):
+        if d["type"] in {"Exposure/Leak", "Credentials/Secrets"}:
+            s += 1.5
+    if any(k in note for k in ["paper", "research", "doi", "citation"]):
+        if d["type"] in {"Academic/Research"}:
+            s += 1.0
+    return s
+
+
+def _recommend_rules(entity_type: str, entity_value: str, goals: List[str], user_note: str, top_k: int = 10) -> List[TypedDork]:
+    builder = TYPED_DORK_MAP.get(entity_type)
+    typed = builder(entity_value) if (builder and entity_value) else []
+    ranked = sorted(typed, key=lambda d: _score_dork_rule(d, goals, user_note), reverse=True)
+    return ranked[:top_k]
+
+
+def _safe_json_list(txt: str) -> List[Dict[str, Any]]:
+    """Best-effort extraction of a JSON list from raw LLM text or user input.
+
+    Strategy:
+    1. Strip surrounding markdown code fences (with or without language tag).
+    2. Attempt direct json.loads.
+    3. Locate outermost '[' ... ']' span and attempt parse.
+    Returns [] on any failure or non-list root.
+    """
+    if not txt:
+        return []
+    s = txt.strip()
+    # Remove markdown fences like ```json ... ```
+    if s.startswith("```"):
+        lines = s.split("\n")
+        # drop first fence line
+        lines = lines[1:]
+        # drop trailing fence line if present
+        if lines and lines[-1].strip() == "```":
+            lines = lines[:-1]
+        s = "\n".join(lines).strip()
+    # Try direct parse
+    try:
+        data = json.loads(s)
+        if isinstance(data, list):
+            return data  # type: ignore[return-value]
+    except Exception:
+        pass
+    # Fallback: largest bracketed list slice
+    start = s.find("[")
+    end = s.rfind("]")
+    if start != -1 and end != -1 and end > start:
+        candidate = s[start:end+1]
+        try:
+            data = json.loads(candidate)
+            if isinstance(data, list):
+                return data  # type: ignore[return-value]
+        except Exception:
+            pass
+    return []
+
+
+def _hf_infer(model_id: str, prompt: str, max_new_tokens: int = 384, temperature: float = 0.2) -> Optional[str]:
+    """Call Hugging Face Inference API if token & requests available.
+
+    Returns generated text or None (which triggers rule-based fallback)."""
+    if requests is None:
+        st.warning("'requests' not installed; cannot call Hugging Face Inference API. Falling back to rules.")
+        return None
+    api_token = os.getenv("HF_API_TOKEN")
+    if not api_token:
+        st.warning("HF_API_TOKEN not set. Add it as a secret/environment variable to enable LLM advisor. Falling back to rules.")
+        return None
+    url = f"https://api-inference.huggingface.co/models/{model_id}"
+    headers = {"Authorization": f"Bearer {api_token}"}
+    payload = {
+        "inputs": prompt,
+        "parameters": {
+            "max_new_tokens": max_new_tokens,
+            "temperature": temperature,
+            "return_full_text": False,
+        },
+    }
+    try:
+        resp = requests.post(url, headers=headers, json=payload, timeout=90)
+        resp.raise_for_status()
+        data = resp.json()
+        if isinstance(data, list) and data and isinstance(data[0], dict) and "generated_text" in data[0]:
+            return data[0]["generated_text"]
+        if isinstance(data, dict) and "generated_text" in data:
+            return data["generated_text"]
+        # Unknown shape: return serialized
+        return json.dumps(data)
+    except Exception as e:
+        st.warning(f"HF inference error: {e}. Falling back to rules.")
+        return None
+
+
+def _build_llm_prompt(entity_type: str, entity_value: str, goals: List[str], hint: str, baseline: List[TypedDork], top_k: int) -> str:
+    cat_list = ", ".join(sorted(DORK_TYPES.keys()))
+    baseline_lines = "\n".join([f"- {d['type']}: {d['q']}  // {d['why']}" for d in baseline[:25]])
+    return f"""
+You are an OSINT assistant that crafts focused Google dorks.
+Given the entity type and value, the user's goals, and an optional hint, return a JSON array (and ONLY a JSON array) of up to {top_k} objects with this schema:
+  {{"q": "<google dork string>", "type": "<one of [{cat_list}]>", "why": "<1 sentence rationale>"}}
+Rules:
+- Prefer free, public sources; avoid paid services.
+- Keep queries precise; quote exact strings; use site:, filetype:, inurl:, intitle:, and AROUND(n) when helpful.
+- Use ONLY categories from the allowed list above.
+- Output must be valid JSON (no prose, no markdown fences).
+
+ENTITY_TYPE: {entity_type}
+ENTITY_VALUE: {entity_value}
+GOALS: {goals}
+HINT: {hint or '(none)'}
+BASELINE_CATALOG (for inspiration, don't just repeat):
+{baseline_lines}
+"""
+
+
+def _recommend_llm(entity_type: str, entity_value: str, goals: List[str], hint: str, top_k: int) -> List[TypedDork]:
+    builder = TYPED_DORK_MAP.get(entity_type)
+    baseline = builder(entity_value) if (builder and entity_value) else []
+    model_key = st.session_state.get("settings", {}).get("model", "qwen2.5-1.5b-instruct")
+    model_id = MODEL_ID_MAP.get(model_key, model_key)
+    prompt = _build_llm_prompt(entity_type, entity_value, goals, hint, baseline, top_k)
+    raw = _hf_infer(model_id, prompt)
+    if not raw:
+        return []
+    parsed = _safe_json_list(raw)
+    out: List[TypedDork] = []
+    for item in parsed:
+        if not isinstance(item, dict):
+            continue
+        q = str(item.get("q", "")).strip()
+        typ = str(item.get("type", "Footprinting")).strip()
+        why = str(item.get("why", "Suggested by LLM")).strip()
+        if not q:
+            continue
+        if typ not in DORK_TYPES:
+            typ = "Footprinting"
+        out.append({"q": q, "type": typ, "why": why})
+    # Dedupe while preserving order
+    seen = set()
+    deduped: List[TypedDork] = []
+    for d in out:
+        if d["q"] in seen:
+            continue
+        seen.add(d["q"])
+        deduped.append(d)
+    return deduped[:top_k]
+
+
+def render_dork_recommender(entity_type: str, entity_value: str):
+    st.subheader("Step 2: Advisor")
+    goals = st.multiselect("What are you trying to do?", DEFAULT_GOALS, default=["Map footprint / surface", "Find documents & spreadsheets"], key="advisor_goals")
+    hint = st.text_input("Optional hint (e.g., 'credentials around build system', 'employee directory')", key="advisor_hint")
+    top_k = st.slider("How many suggestions?", 3, 20, 10, key="advisor_topk")
+    use_llm = st.checkbox("Use advisor LLM (Hugging Face Inference API)", value=False, key="use_llm_checkbox", help="Requires HF_API_TOKEN environment secret. Falls back to rules if unavailable.")
+
+    if st.button("Suggest dorks", key="btn_suggest"):
+        recs: List[TypedDork] = []
+        if use_llm:
+            recs = _recommend_llm(entity_type, entity_value, goals, hint, top_k)
+        if not recs:
+            recs = _recommend_rules(entity_type, entity_value, goals, hint, top_k)
+        if not recs:
+            st.warning("Enter a valid entity value first.")
+            return
+        st.session_state["dork_recs"] = recs
+        st.markdown("#### Recommended dorks")
+        for r in recs:
+            st.markdown(f"- **[{r['type']}]** `{r['q']}`")
+            st.markdown(f"  <span class='small'>{r['why']}</span>", unsafe_allow_html=True)
+
+# ---------------------------
+# STEP 3: Selection
+# ---------------------------
+def render_dork_selection(entity_type: str, entity_value: str):
+    st.subheader("Step 3: Select dorks")
+    recs = st.session_state.get("dork_recs", [])
+    choice = st.radio("Select method", ["Accept advisor", "Pick from catalog", "Custom"], key="method_radio")
+    final = []
+    if choice == "Accept advisor":
+        final = [r["q"] for r in recs]
+    elif choice == "Pick from catalog":
+        typed = TYPED_DORK_MAP[entity_type](entity_value)
+        for idx, d in enumerate(typed):
+            if st.checkbox(d["q"], key=f"pick_{idx}"):
+                final.append(d["q"])
+    elif choice == "Custom":
+        txt = st.text_area("Enter custom dorks")
+        if txt:
+            final = [l.strip() for l in txt.splitlines() if l.strip()]
+    st.session_state["selected_dorks"] = final
+    st.write("Final Basket:", final)
+
+# ---------------------------
+# STEP 4: Execution + Metadata
+# ---------------------------
+def _audit_init():
+    st.session_state.setdefault("audit", [])
+
+def _audit_log(action: str, **details):
+    if not st.session_state.get("settings", {}).get("logging", True):
+        return
+    _audit_init()
+    st.session_state["audit"].append({"ts": datetime.utcnow().isoformat()+"Z", "action": action, **details})
+
+def ddg_search(query: str, max_results: int=5):
+    if DDGS is None:
+        return []
+    with DDGS() as ddgs:
+        return list(ddgs.text(query, max_results=max_results))
+
+# ---------------------------
+# Scoring
+# ---------------------------
+SOURCE_RELIABILITY = {
+    "high": [".gov", ".mil", ".edu", "sec.gov", "reuters", "bloomberg", "nytimes", "wsj"],
+    "med": ["github.com", "gitlab.com", "medium.com", "substack.com", "bbc"],
+}
+
+def _source_reliability(url: str) -> str:
+    url_l = (url or "").lower()
+    for kw in SOURCE_RELIABILITY["high"]:
+        if kw in url_l:
+            return "High"
+    for kw in SOURCE_RELIABILITY["med"]:
+        if kw in url_l:
+            return "Medium"
+    return "Low"
+
+def _fuzzy_match(a: str, b: str) -> float:
+    if not a or not b:
+        return 0.0
+    if a.lower() == b.lower():
+        return 1.0
+    if fuzz:
+        return fuzz.ratio(a.lower(), b.lower()) / 100.0
+    return 0.0
+
+def score_finding(row: Dict[str, Any], facts: KnownFacts) -> Dict[str, Any]:
+    title = row.get("title") or row.get("heading") or ""
+    snippet = row.get("body") or row.get("snippet") or ""
+    url = row.get("href") or row.get("link") or ""
+    text = f"{title}\n{snippet}".lower()
+    score = 0
+    comps: List[Dict[str, Any]] = []
+
+    def add(points: int, label: str, reason: str):
+        nonlocal score
+        score += points
+        comps.append({"label": label, "points": points, "reason": reason})
+
+    # Exact matches
+    hits = 0
+    for e in facts.emails:
+        if e.lower() in text:
+            add(25, "Email match", e)
+            hits += 1
+    for h in facts.handles:
+        if h.lower() in text:
+            add(15, "Handle match", h)
+            hits += 1
+    for d in facts.domains:
+        if d.lower() in text:
+            add(10, "Domain mention", d)
+            hits += 1
+    for ip in facts.ips:
+        if ip and ip.lower() in text:
+            add(10, "IP mention", ip)
+            hits += 1
+    for org in facts.orgs:
+        if org.lower() in text:
+            add(8, "Org mention", org)
+            hits += 1
+    for name in facts.real_names:
+        if name.lower() in text:
+            add(20, "Name mention", name)
+            hits += 1
+        else:
+            # fuzzy
+            for token in name.split():
+                for word in text.split():
+                    if _fuzzy_match(token, word) >= 0.9:
+                        add(8, "Fuzzy name token", f"{token}->{word}")
+                        hits += 1
+                        break
+
+    if hits >= 2:
+        add(10, "Co-occurrence", f"{hits} fact tokens present")
+
+    # Source reliability
+    rel = _source_reliability(url)
+    if rel == "High":
+        add(10, "Source reliability", rel)
+    elif rel == "Medium":
+        add(5, "Source reliability", rel)
+
+    # Context keywords basic
+    ctx_hits = 0
+    if facts.context:
+        ctx_hits = sum(1 for kw in facts.context.lower().split() if kw and kw in text)
+        if ctx_hits >= 3:
+            add(10, "Context alignment", f"{ctx_hits} context keywords")
+        elif ctx_hits == 2:
+            add(6, "Context alignment", "2 context keywords")
+        elif ctx_hits == 1:
+            add(3, "Context alignment", "1 context keyword")
+
+    # Optional embedding similarity (semantic relevance to context)
+    if ctx_hits < 3 and st.session_state.get("settings", {}).get("enable_embeddings") and facts.context and SentenceTransformer:
+        emb_model = st.session_state.get("_embed_model")
+        if emb_model is None:
+            with st.spinner("Loading embedding model (once)..."):
+                try:
+                    emb_model = SentenceTransformer("all-MiniLM-L6-v2")
+                    st.session_state["_embed_model"] = emb_model
+                except Exception:
+                    emb_model = None
+        if emb_model:
+            try:
+                q_emb = emb_model.encode([facts.context[:512]])[0]
+                doc_emb = emb_model.encode([text[:1024]])[0]
+                # cosine
+                dot = float((q_emb @ doc_emb) / ((q_emb**2).sum()**0.5 * (doc_emb**2).sum()**0.5))
+                if dot > 0.35:
+                    pts = int(min(20, (dot - 0.35) / (0.30) * 20))  # scale 0.35..0.65 -> 0..20
+                    if pts > 0:
+                        add(pts, "Semantic similarity", f"cos={dot:.2f}")
+            except Exception:
+                pass
+
+    level = "High" if score >= 70 else ("Medium" if score >= 40 else "Low")
+    explanation = "; ".join(f"{c['label']} +{c['points']} ({c['reason']})" for c in comps)
+    return {
+        **row,
+        "score": score,
+        "level": level,
+        "explanation": explanation,
+        "components": comps,
+        "reliability": rel,
+        "url": url,
+        "title": title,
+        "snippet": snippet,
+    }
+
+def score_all_findings(rows: List[Dict[str, Any]], facts: KnownFacts) -> List[Dict[str, Any]]:
+    return [score_finding(r, facts) for r in rows]
+
+# File/Image metadata extraction
+def extract_metadata(upload) -> Dict[str, Any]:
+    info: Dict[str, Any] = {}
+    if not upload:
+        return info
+    name = upload.name.lower()
+    try:
+        if name.endswith(".pdf") and PdfReader:
+            reader = PdfReader(upload)
+            info = {"Pages": len(reader.pages), "Meta": dict(reader.metadata)}
+        elif name.endswith(".docx") and docx:
+            doc = docx.Document(upload)
+            cp = doc.core_properties
+            info = {"Title": cp.title, "Author": cp.author, "Created": cp.created}
+        elif (name.endswith(".doc") or name.endswith(".xls")) and olefile:
+            if olefile.isOleFile(upload):
+                info = {"OLE": "Legacy Office file detected"}
+        elif name.endswith((".mp3", ".flac", ".ogg", ".m4a")) and MutagenFile:
+            audio = MutagenFile(upload)
+            info = dict(audio) if audio else {}
+        elif name.endswith((".jpg", ".jpeg", ".png")) and exifread:
+            tags = exifread.process_file(upload)
+            info = {tag: str(val) for tag, val in tags.items()}
+    except Exception as e:
+        info = {"error": str(e)}
+    return info
+
+# ---------------------------
+# Graph Visualization
+# ---------------------------
+def build_graph(scored: List[Dict[str, Any]], facts: KnownFacts) -> Optional[str]:
+    if not nx or not Network:
+        return None
+    G = nx.Graph()
+    # Add fact nodes
+    for email in facts.emails:
+        G.add_node(email, type="email")
+    for h in facts.handles:
+        G.add_node(h, type="handle")
+    for d in facts.domains:
+        G.add_node(d, type="domain")
+    for n in facts.real_names:
+        G.add_node(n, type="name")
+    # Add finding nodes & edges
+    for f in scored[:300]:
+        url = f.get("url") or "unknown"
+        G.add_node(url, type="finding", score=f.get("score",0))
+        text = (f.get("title","") + " " + f.get("snippet",""))[:400].lower()
+        linked = False
+        for token in facts.emails + facts.handles + facts.domains + facts.real_names:
+            if token.lower() and token.lower() in text:
+                G.add_edge(token, url)
+                linked = True
+        if not linked and f.get("level") == "High":
+            # still include high score node
+            continue
+    # Visualize
+    net = Network(height="550px", width="100%", bgcolor="#111", font_color="white")
+    for n, data in G.nodes(data=True):
+        color = {
+            "email": "#ff7f50",
+            "handle": "#1e90ff",
+            "domain": "#32cd32",
+            "name": "#daa520",
+            "finding": "#888"
+        }.get(data.get("type"), "#999")
+        size = 15 if data.get("type") != "finding" else max(5, min(25, int(data.get("score",10)/4)))
+        net.add_node(n, label=n[:30], color=color, title=n, size=size)
+    for u,v in G.edges():
+        net.add_edge(u,v)
+    path = "graph.html"
+    net.show(path)
+    try:
+        with open(path, "r", encoding="utf-8") as f:
+            return f.read()
+    except Exception:
+        return None
+
+# ---------------------------
+# Report Export
+# ---------------------------
+HTML_TEMPLATE = """<!doctype html><html><head><meta charset='utf-8'/><title>OSINT Report</title>
+<style>body{font-family:Arial,Helvetica,sans-serif;margin:2rem;background:#111;color:#eee;} h1,h2{color:#ffcc66} table{border-collapse:collapse;width:100%;margin:1rem 0;} th,td{border:1px solid #444;padding:6px;font-size:0.85rem;} .high{color:#4caf50;font-weight:700}.medium{color:#ffc107}.low{color:#f44336} code{background:#222;padding:2px 4px;border-radius:4px;} .small{font-size:0.75rem;color:#ccc}</style>
+</head><body>
+<h1>OSINT Investigation Report</h1>
+<h2>Summary</h2>
+<p><b>Entity Type:</b> {{ entity_type }}<br/><b>Entity Value:</b> {{ entity_value }}<br/>
+<b>Generated:</b> {{ generated }} UTC</p>
+<h2>Known Facts</h2>
+<pre>{{ facts_json }}</pre>
+<h2>Findings (Top {{ findings|length }})</h2>
+<table><thead><tr><th>Score</th><th>Level</th><th>Title</th><th>URL</th><th>Reliability</th><th>Explanation</th></tr></thead><tbody>
+{% for f in findings %}
+<tr><td>{{ f.score }}</td><td class='{{ f.level|lower }}'>{{ f.level }}</td><td>{{ f.title }}</td><td><a href='{{ f.url }}' target='_blank'>link</a></td><td>{{ f.reliability }}</td><td class='small'>{{ f.explanation }}</td></tr>
+{% endfor %}
+</tbody></table>
+</body></html>"""
+
+def export_report(entity_type: str, entity_value: str, facts: KnownFacts, scored: List[Dict[str, Any]]):
+    if not Template:
+        st.warning("jinja2 not installed; cannot build HTML report.")
+        return
+    tpl = Template(HTML_TEMPLATE)
+    html = tpl.render(
+        entity_type=entity_type,
+        entity_value=entity_value,
+        generated=datetime.utcnow().isoformat(),
+        facts_json=json.dumps(facts.__dict__, indent=2),
+        findings=scored[:200],
+    )
+    st.download_button("Download HTML Report", data=html.encode("utf-8"), file_name="osint_report.html", mime="text/html")
+
+# ---------------------------
+# Username Availability Probe (simple)
+# ---------------------------
+PLATFORM_PATTERNS: Dict[str,str] = {
+    "GitHub": "https://github.com/{user}",
+    "Twitter": "https://x.com/{user}",
+    "Reddit": "https://www.reddit.com/user/{user}",
+    "Medium": "https://medium.com/@{user}",
+}
+
+def probe_usernames(users: List[str], limit: int = 10) -> List[Dict[str,str]]:
+    out = []
+    if requests is None:
+        return out
+    for u in users[:limit]:
+        for plat, pattern in PLATFORM_PATTERNS.items():
+            url = pattern.format(user=u)
+            status = "?"
+            try:
+                r = requests.get(url, timeout=5)
+                if r.status_code == 200:
+                    status = "Exists"
+                elif r.status_code == 404:
+                    status = "Not Found"
+                else:
+                    status = str(r.status_code)
+            except Exception:
+                status = "Error"
+            out.append({"platform": plat, "username": u, "status": status})
+    return out
+
+def render_step4_execution(entity_type: str, entity_value: str):
+    st.subheader("Step 4: Execute & Metadata")
+    final = st.session_state.get("selected_dorks", [])
+    if not final:
+        st.info("No dorks selected.")
+        return
+    max_per = st.slider("Max results", 3, 20, st.session_state.get("settings", {}).get("max_per", 10))
+    if st.button("Run dorks"):
+        # Progressive skeleton loader while executing each query
+        placeholder = st.empty()
+        results: List[Dict[str, Any]] = []
+        total_expected = len(final) * max_per
+        for i, q in enumerate(final, start=1):
+            remaining = len(final) - i + 1
+            est_remaining = remaining * max_per
+            # Render skeletons representing expected remaining results (capped for performance)
+            with placeholder.container():
+                st.markdown("#### Running searches…")
+                st.caption(f"Query {i}/{len(final)}: {q}")
+                skel_blocks = min(est_remaining, 18)  # avoid huge DOM
+                # Distribute size variations for visual interest
+                sizes = ["sm", "md", "lg"]
+                rows_html = []
+                for j in range(skel_blocks):
+                    size = sizes[j % len(sizes)]
+                    rows_html.append(f'<div class="skeleton-block skeleton-h {size}"></div>')
+                st.markdown(
+                    '<div class="skeleton-group">' + "".join(rows_html) + "</div>",
+                    unsafe_allow_html=True,
+                )
+            # Execute the actual search
+            rows = ddg_search(q, max_results=max_per)
+            _audit_log("dork_run", dork=q, results=len(rows))
+            results.extend(rows)
+        # Clear placeholder after completion
+        placeholder.empty()
+        st.session_state["dork_results"] = results
+        # compute scores after acquiring all results
+        facts = KnownFacts.from_session()
+        st.session_state["scored_results"] = score_all_findings(results, facts)
+    if res := st.session_state.get("dork_results"):
+        st.json(res)
+        audit_str = "\n".join(json.dumps(ev) for ev in st.session_state["audit"])
+        st.download_button("Download audit", audit_str, "audit.jsonl")
+
+    st.markdown("---")
+    st.subheader("File/Image Metadata Extractor")
+    upload = st.file_uploader("Upload a file (pdf, docx, mp3, jpg, etc.)")
+    if upload:
+        meta = extract_metadata(upload)
+        st.json(meta)
+
+# ---------------------------
+# Main
+# ---------------------------
+def render_help_tab():
+    st.subheader("How To Use This OSINT Investigator Suite")
+    st.markdown("""
+    This tab is a quick field manual. It shows the purpose of every tab, the workflow order, and pro tips.
+
+    ### Recommended Workflow (Fast Path)
+    1. Known Facts – Load seed identifiers (handles, emails, domains, names).
+    2. Plan – Review the autogenerated phased investigation plan; adjust facts if gaps obvious.
+    3. Explainer – Learn the dork building logic for transparency (optional).
+    4. Advisor – Get recommended dorks (rule + optional LLM). Refine, then accept.
+    5. Selection – Curate / edit / remove dorks; finalize the set to run.
+    6. Execution – Run dorks (skeleton loaders show progress); extract file/image metadata if you have artifacts.
+    7. Scoring – Review confidence scores, filter, read explanations, iterate by adding new facts and re-scoring.
+    8. Graph – Visual relationship view (requires networkx + pyvis) to spot high‑intersection nodes.
+    9. Report – Export an HTML snapshot for stakeholders / evidence chain.
+    10. Usernames – Probe handle existence across common platforms.
+    11. Help – (This) reference card anytime.
+
+    ---
+    ### Tab Details & Tips
+    **Known Facts**
+    - Add all solid identifiers early; scoring & dork generation leverage them.
+    - Handles & emails dramatically raise confidence when co-occurring in sources.
+    - Update facts after each scouting loop (new domains from findings, etc.).
+
+    **Plan**
+    - Generated phases: Recon, Expansion, Correlation, Deep Dive, Reporting.
+    - Use it as a narrative backbone for your final export or task tickets.
+
+    **Explainer**
+    - Shows how base + contextual tokens assemble into search dorks by entity type.
+    - Use to justify methodology or teach newcomers.
+
+    **Advisor**
+    - Hybrid: deterministic heuristic rules plus optional LLM (if HF token + model set in settings).
+    - Toggle embedding/semantic features in settings (if present) to enrich scoring later.
+    - Accept the generated list to push candidates to Selection.
+
+    **Selection**
+    - Final edit surface. Remove noisy / redundant queries before execution.
+    - Keep a balanced mix: broad footprint + specific leak/file/resource patterns.
+
+    **Execution**
+    - Click Run dorks: animated skeleton placeholders appear per batch while searches resolve.
+    - Results cached in session: re-running overwrites (audit log tracks runs).
+    - Metadata Extractor: Upload docs / images to pull EXIF, PDF metadata, docx core props, audio tags.
+
+    **Scoring**
+    - Each finding scored from component signals (exact identifiers, fuzzy tokens, co-occurrence, reliability, context keywords, semantic similarity).
+    - Levels: High ≥70, Medium ≥40. Use filters + search bar to triage.
+    - Re-score after updating Known Facts or enabling embeddings.
+    - "Full Explanations" expands reasoning transparency for defensibility.
+
+    **Graph**
+    - Visual pivot map: nodes sized by aggregated score; edges for shared identifiers.
+    - Use to spot central assets (good pivot candidates) quickly.
+    - If graph libs missing you'll see an install hint (they're listed in requirements).
+
+    **Report**
+    - Generates a standalone HTML (includes styling + key metrics) for sharing.
+    - Consider exporting after each major iteration to preserve state (version trail).
+
+    **Usernames**
+    - Lightweight existence probe (HTTP status heuristic). "Exists" ≠ ownership proof.
+    - Add more platforms by extending PLATFORM_PATTERNS in code.
+
+    **Chat Assistant (Floating)**
+    - Noir-style guidance; quick buttons for common pivots.
+    - If a model + token configured, responses may blend LLM nuance with rule hints; otherwise rule-based only.
+    - Close with ✕; reopen with the 🕵️ button.
+
+    **Light / Dark Toggle**
+    - Sidebar toggle (if present) swaps theme classes; custom components auto-adapt.
+
+    **Skeleton Loaders**
+    - Shimmering bars appear during long search batches to indicate progress.
+
+    ---
+    ### Power User Tips
+    - Iterative Loop: (Run) → (Score) → (Add new facts from findings) → (Re-score) → (Graph) → (Report).
+    - High-value pivots: Rare email domains, unique handles in code repos, author names in PDF metadata.
+    - Noise Control: Remove generic dorks that return unrelated trending content before executing.
+    - Evidence Chain: Audit log (download on Execution tab) + HTML reports form a defensible trail.
+
+    ### Performance Notes
+    - Limiting Max results reduces API latency & keeps scoring responsive.
+    - Embedding model loads lazily—first semantic scoring may pause a few seconds.
+    - Graph view caps large result sets to avoid browser lockups.
+
+    ### Glossary
+    - Dork: Crafted search query combining identifiers + context tokens.
+    - Pivot: New investigative direction unlocked by a discovered unique attribute.
+    - Co-occurrence: Multiple target identifiers appearing together in one source.
+
+    ### Ethics Reminder
+    Public sources only. No credential stuffing, intrusion, or accessing private data stores. Respect rate limits & platform ToS.
+    """)
+
+def main():
+    st.markdown("""
+    <div class='app-brand-bar'>
+        <div style='font-size:28px'>🕵️</div>
+        <div class='app-brand-title'>OSINT Investigator Suite</div>
+        <div class='app-badge'>AI-Augmented</div>
+        <div class='app-badge'>Heuristic Scoring</div>
+        <div class='app-badge'>Report Export</div>
+    </div>
+    """, unsafe_allow_html=True)
+    entity_type = st.selectbox("Entity type", list(TYPED_DORK_MAP.keys()), key="entity_type")
+    entity_value = st.text_input("Entity value", "[email protected]", key="entity_value")
+    if entity_type and entity_value:
+        tabs = st.tabs(["Known Facts", "Plan", "Explainer", "Advisor", "Selection", "Execution", "Scoring", "Graph", "Report", "Usernames", "Help"])
+        with tabs[0]:
+            _known_facts_ui()
+        with tabs[1]:
+            render_investigation_plan(entity_type, entity_value)
+        with tabs[2]:
+            render_dorks_explainer(entity_type, entity_value)
+        with tabs[3]:
+            render_dork_recommender(entity_type, entity_value)
+        with tabs[4]:
+            render_dork_selection(entity_type, entity_value)
+        with tabs[5]:
+            render_step4_execution(entity_type, entity_value)
+        with tabs[6]:
+            st.subheader("Scoring & Confidence")
+            facts = KnownFacts.from_session()
+            scored = st.session_state.get("scored_results")
+            if not scored:
+                st.info("Run dorks first to generate findings and scores.")
+            else:
+                high = sum(1 for r in scored if r["level"] == "High")
+                med = sum(1 for r in scored if r["level"] == "Medium")
+                low = sum(1 for r in scored if r["level"] == "Low")
+                st.markdown("<div class='sticky-toolbar'><strong>Findings Overview</strong></div>", unsafe_allow_html=True)
+                k1,k2,k3,k4 = st.columns(4)
+                k1.metric("Total", len(scored))
+                k2.metric("High", high)
+                k3.metric("Medium", med)
+                k4.metric("Low", low)
+                level_filter = st.multiselect("Levels", ["High", "Medium", "Low"], default=["High", "Medium", "Low"], key="lvl_filter")
+                q = st.text_input("Search title/snippet", key="score_search")
+                view = [r for r in scored if r["level"] in level_filter and (not q or q.lower() in (r.get("snippet", '')).lower() or q.lower() in (r.get("title", '')).lower())]
+                rows_html = []
+                for r in view:
+                    lvl = r["level"].lower()
+                    badge = f"<span class='badge {lvl}'>{r['level']}</span>"
+                    title = (r.get('title',''))[:120]
+                    expl_short = (r.get('explanation',''))[:180]
+                    url = r.get('url') or ''
+                    rows_html.append(f"<tr><td>{r['score']}</td><td>{badge}</td><td>{title}</td><td><a href='{url}' target='_blank'>link</a></td><td>{r['reliability']}</td><td>{expl_short}</td></tr>")
+                table_html = """
+                <div style='max-height:520px;overflow:auto;border:1px solid #262626;border-radius:12px;'>
+                  <table class='score-table'>
+                    <thead><tr><th>Score</th><th>Level</th><th>Title</th><th>URL</th><th>Reliab.</th><th>Explanation (truncated)</th></tr></thead>
+                    <tbody>{rows}</tbody>
+                  </table>
+                </div>
+                """.format(rows="".join(rows_html))
+                st.markdown(table_html, unsafe_allow_html=True)
+                col_rescore, col_full, col_export = st.columns([1,2,1])
+                with col_rescore:
+                    if st.button("Re-score", key="btn_rescore_now"):
+                        rescored = score_all_findings(st.session_state.get("dork_results", []), facts)
+                        st.session_state["scored_results"] = rescored
+                        st.success("Re-scored.")
+                with col_full:
+                    with st.expander("Full Explanations"):
+                        for r in view:
+                            st.markdown(f"**{r.get('title','')}** — {r['level']} ({r['score']})\n\n{r.get('explanation','')}")
+                with col_export:
+                    if st.button("Export Report (HTML)", key="btn_export_report_inline"):
+                        export_report(entity_type, entity_value, facts, scored)
+        with tabs[7]:
+            st.subheader("Entity Graph")
+            facts = KnownFacts.from_session()
+            scored = st.session_state.get("scored_results") or []
+            if scored:
+                html = build_graph(scored, facts)
+                if html:
+                    st.components.v1.html(html, height=600, scrolling=True)
+                else:
+                    st.info("Install networkx & pyvis for graph visualization.")
+            else:
+                st.info("No scored findings yet.")
+        with tabs[8]:
+            st.subheader("Report Export")
+            facts = KnownFacts.from_session()
+            scored = st.session_state.get("scored_results") or []
+            if scored:
+                export_report(entity_type, entity_value, facts, scored)
+            else:
+                st.info("Run and score findings to export a report.")
+        with tabs[9]:
+            st.subheader("Username Availability Probe")
+            facts = KnownFacts.from_session()
+            sample_users = facts.handles[:10] or [entity_value] if entity_type == "Username / Handle" else []
+            if not sample_users:
+                st.info("Add handles in Known Facts or pick a username entity.")
+            else:
+                if st.button("Probe Platforms", key="btn_probe_users"):
+                    data = probe_usernames(sample_users)
+                    st.session_state["probe_results"] = data
+                if pr := st.session_state.get("probe_results"):
+                    st.dataframe(pr, use_container_width=True)
+        with tabs[10]:
+            render_help_tab()
+        # Floating chat widget render
+        render_chat_widget(entity_type, entity_value)
+        with st.expander("Methodology / Scoring Rubric", expanded=False):
+            st.markdown("""
+            **Scoring Components**  
+            - Email (+25) / Name exact (+20) / Handle (+15) / Domain (+10) / IP (+10) / Org (+8)  
+            - Fuzzy name token (+8) / Co-occurrence (+10)  
+            - Source reliability High (+10) / Medium (+5)  
+            - Context alignment (1:+3 / 2:+6 / ≥3:+10)  
+            - Semantic similarity (0–20 scaled) if enabled  
+            **Levels:** High ≥70, Medium ≥40, else Low.  
+            """)
+        with st.expander("Ethical Use Notice", expanded=False):
+            st.markdown("Lawful OSINT only. No intrusion, auth bypass, or accessing non-public data. Respect platform ToS & privacy.")
+
+# ---------------------------
+# Chat Assistant
+# ---------------------------
+GUIDE_SYSTEM = (
+    "You are a noir-style seasoned OSINT investigator named 'The Analyst'. Speak like classic crime noir: terse, vivid metaphors, professional, never cheesy. "
+    "Guide the user step-by-step in enumerating a digital entity using only ethical open sources. "
+    "Each answer: <=150 words, 2-4 compact paragraphs or bullet fragments. Provide concrete next actions, pivot angles, and a light ethics reminder if user drifts. "
+    "Avoid sensationalism. No illegal guidance. Occasionally finish with a brief noir tag line like 'That's the shape of the alley, kid.'" )
+
+def _summarize_context(entity_type: str, entity_value: str) -> str:
+    facts: KnownFacts = KnownFacts.from_session()
+    scored = st.session_state.get("scored_results") or []
+    high_titles = [s.get("title") for s in scored if s.get("level") == "High"][:5]
+    parts = [f"Entity: {entity_type}={entity_value}"]
+    if facts.handles: parts.append(f"Handles:{len(facts.handles)}")
+    if facts.emails: parts.append(f"Emails:{len(facts.emails)}")
+    if facts.domains: parts.append(f"Domains:{len(facts.domains)}")
+    if high_titles: parts.append("HighHits:" + ";".join(high_titles))
+    return " | ".join(parts)
+
+def _rule_based_reply(user_msg: str, entity_type: str, entity_value: str) -> str:
+    msg = user_msg.lower()
+    lines = []
+    ctx = _summarize_context(entity_type, entity_value)
+    if any(k in msg for k in ["start", "hello", "hi", "first"]):
+        lines.append("First we empty our pockets—handles, domains, emails. Solid identifiers become compass bearings.")
+    if "dork" in msg or "search" in msg:
+        lines.append("Open with wide footprint dorks. Then tighten: docs leaks, repo chatter, paste traces. Each query is a flashlight beam.")
+    if "score" in msg or "confidence" in msg:
+        lines.append("Confidence breathes when multiple facts collide in a clean source. Add precise emails or stable handles—re-score, watch the highs rise.")
+    if "graph" in msg:
+        lines.append("Graph shows the intersections. Nodes struck by multiple identifiers—those corners hide stories.")
+    if "pivot" in msg or "next" in msg:
+        lines.append("Pivot off unique anchors: a handle in a PDF, an email in a commit, a domain in a press note. Each pivot narrows the alley.")
+    if not lines:
+        lines.append("Playbook: 1) Lock facts 2) Advisor for 10 sharp dorks 3) Select & run 4) Score 5) Add new facts 6) Graph pivots 7) Export report.")
+    lines.append(f"Context snapshot: {ctx}")
+    lines.append("Stay clean—public sources only. That's the shape of the alley, kid.")
+    return "\n\n".join(lines)
+
+def render_chat_widget(entity_type: str, entity_value: str):
+    # Session setup
+    st.session_state.setdefault("chat_history", [])
+    st.session_state.setdefault("chat_open", True)
+    open_flag = st.session_state["chat_open"]
+
+    # Mini open button (when closed)
+    if not open_flag:
+        if st.button("🕵️", key="open_chat_button"):
+            st.session_state["chat_open"] = True
+        # Style the button to float
+        st.markdown("""
+        <style>
+        div[data-testid='stButton'] button[kind='secondary'] {background:#222;border:2px solid #ffcc66;}
+        </style>
+        <div class='chat-mini-btn'></div>
+        """, unsafe_allow_html=True)
+        return
+
+    # Build chat window
+    messages = st.session_state["chat_history"]
+    # Render HTML shell
+    st.markdown("<div class='chat-window'>", unsafe_allow_html=True)
+    # Header with close control
+    c1, c2, c3 = st.columns([0.2, 0.65, 0.15])
+    with c1:
+        st.markdown("<div class='chat-header' style='background:transparent;padding:4px 0 0 6px;'>🕵️</div>", unsafe_allow_html=True)
+    with c2:
+        st.markdown("<div class='chat-header' style='background:transparent;padding:4px 0;'> <span class='title'>Investigator</span></div>", unsafe_allow_html=True)
+    with c3:
+        if st.button("✕", key="close_chat_btn"):
+            st.session_state["chat_open"] = False
+            st.markdown("</div>", unsafe_allow_html=True)
+            return
+    # Messages area
+    # Use an empty container to emulate scroll (Streamlit limitation)
+    msg_container = st.container()
+    with msg_container:
+        if messages:
+            for turn in messages[-18:]:
+                st.markdown(f"<p class='msg-user'><b>You:</b> {turn['user']}</p>", unsafe_allow_html=True)
+                st.markdown(f"<p class='msg-bot'><b>Inv:</b> {turn['assistant']}</p>", unsafe_allow_html=True)
+        else:
+            st.markdown("<p class='msg-bot'>Need a lead? Ask me about dorks, scoring, or pivots.</p>", unsafe_allow_html=True)
+
+    # Input form
+    with st.form("chat_form", clear_on_submit=True):
+        q = st.text_area("Message", key="chat_input_area", height=70, label_visibility="collapsed")
+        col_a, col_b, col_c, col_d = st.columns(4)
+        send = False
+        with col_a:
+            if st.form_submit_button("Send"):
+                send = True
+        with col_b:
+            if st.form_submit_button("Dorks"):
+                q = "What dorks should I run next?"; send = True
+        with col_c:
+            if st.form_submit_button("Confidence"):
+                q = "How do I improve confidence now?"; send = True
+        with col_d:
+            if st.form_submit_button("Pivot"):
+                q = "Give me a pivot strategy."; send = True
+        if send and q.strip():
+            reply: Optional[str] = None
+            if st.session_state.get("settings", {}).get("model") and os.getenv("HF_API_TOKEN"):
+                convo = st.session_state["chat_history"][-6:]
+                history_str = "\n".join([f"User: {h['user']}\nAssistant: {h['assistant']}" for h in convo if h.get('assistant')])
+                prompt = (
+                    f"{GUIDE_SYSTEM}\nCurrentContext: {_summarize_context(entity_type, entity_value)}\n" +
+                    history_str + f"\nUser: {q}\nAssistant:")
+                reply = _hf_infer(MODEL_ID_MAP.get(st.session_state["settings"]["model"], st.session_state["settings"]["model"]), prompt, max_new_tokens=190, temperature=0.35)
+            if not reply:
+                reply = _rule_based_reply(q, entity_type, entity_value)
+            st.session_state["chat_history"].append({"user": q, "assistant": reply})
+    st.markdown("<div class='chat-input small'>Ethical OSINT only.🕵️‍♂️</div>", unsafe_allow_html=True)
+    st.markdown("</div>", unsafe_allow_html=True)
+
+if __name__ == "__main__":
+    main()
+

requirements.txt

@@ -0,0 +1,13 @@
+streamlit>=1.32
+duckduckgo_search
+rapidfuzz
+sentence-transformers
+networkx
+pyvis
+jinja2
+PyPDF2
+python-docx
+olefile
+mutagen
+exifread
+requests