{# Dashboard overview page: page header, nav partial and signed-in account.
   NOTE(review): element markup is not visible in this view; only template
   tags, comments and text content are shown. #}
{# T27.1: per-session CSRF token. Mutating fetches read this and send it
   back in the X-CSRF-Token header; HTML forms include it as a hidden
   ``csrf_token`` field. Empty string when the request came in
   unauthenticated (we redirect to login before reaching render in that
   case; the empty value is defence-in-depth).
   NOTE(review): the element that carries the token is not visible here.
   The empty-string fallback is only safe if server-side validation treats
   an empty or missing token as a failure, rather than accepting it because
   it equals an empty session value -- confirm in the request handler. #}
{# T55 step 9: terminal-brutalist dashboard styles. Inlined here (not in
   dashboard.css) so the visual identity stays self-contained on this
   surface while the rest of dashboard.css keeps powering the legacy pages
   (data, api-keys, scan-new). Once T55 has shipped to prod and the existing
   pages are migrated, the rules can be hoisted to dashboard.css.
   NOTE(review): the inlined rules themselves are not visible here. If the
   app sends a Content-Security-Policy, an inline style block needs a nonce
   or hash (or an 'unsafe-inline' style-src) -- confirm which applies. #}
browser-recon
{# Include the shared nav partial with ``active`` bound to 'overview' for
   the duration of the ``with`` block. #}
{% with active='overview' %}{% include 'partials/dashboard_nav.html' %}{% endwith %}
browser-recon.com / dashboard
{# Account identifier supplied by the view.
   NOTE(review): output escaping relies on autoescape being enabled for
   this template -- confirm in the environment configuration. #}
{{ user_email }}

{# Summary panel: plan line, action labels and three counters. Element
   markup is not visible in this view, so only the text content and the
   template expressions appear below. #}
recent_scans

{# Plan tier and renewal date, both passed in as ready-to-print values. #}
tier: {{ tier_display }} · renews: {{ credits_renew_at_display }}
{# Both branches of the ``buy_more_url`` test print the same label here;
   presumably they differ only in markup that is not visible.
   NOTE(review): ``buy_more_url`` is never output in the visible text. If
   it is used as a link target, it should come from server configuration
   rather than request data -- confirm in the view. #}
start_scan {% if buy_more_url %} buy_credits {% else %} buy_credits {% endif %}
CREDITS
{{ scan_credits }}remaining
SCANS_THIS_MONTH
{# Zero-pads the monthly count to at least two digits via '%02d'.
   NOTE(review): assumes the view always passes an integer; a None here
   would presumably fail at render time -- confirm. #}
{{ '%02d'|format(scans_this_month) }}
SUCCESS_RATE_30D
{{ success_rate_30d_display }}
{# Scan history table, rendered only when ``scans`` is non-empty. Element
   markup is not visible in this view, so the tags on the next line appear
   detached from the header and row text they wrap; the first empty
   ``is_admin`` block presumably wraps the debug column header. #}
{% if scans %} {% if is_admin %} {% endif %} {% for s in scans %} {# T21 admin-only "View debug" link. Gated in-template via ``is_admin``
   (resolved from ``user_role``) so a regular user doesn't even see the
   affordance. Hiding the link is presentation only: the route itself also
   enforces the admin-or-owner gate, and that server-side check is the
   actual access control (defence in depth). #} {% if is_admin %} {% endif %} {% endfor %}
date domain status expires reportdebug
{# One row per scan: timestamp, target domain, status, expiry, report link.
   The three ``s.status`` branches print the same text; presumably they
   differ only in styling markup that is not visible here.
   NOTE(review): ``s.target_domain`` is presumably derived from a
   user-supplied scan target; safe output relies on autoescape being
   enabled for this template -- confirm.
   NOTE(review): an expired scan simply gets no "view" link. That hides the
   affordance but is not access control; confirm the report route itself
   rejects expired scans and checks ownership. #}
{{ s.scanned_at }} {{ s.target_domain }} {% if s.status == 'complete' %} {{ s.status }} {% elif s.status == 'failed' %} {{ s.status }} {% else %} {{ s.status }} {% endif %} {{ s.expires_at_display }} {% if s.expired %}
{% else %} view → {% endif %}
debug →
{# Empty state: shown when ``scans`` is empty or not set. #}
{% else %}
No scans yet. Run recon scan https://example.com from your CLI to see results here.
{% endif %}