fix: Go-пакеты со слешами в имени ломали роутинг

Использован :path в FastAPI-роутах, имя+версия парсятся из URL.
Шаблоны urlencode-ят имена пакетов при генерации ссылок.

guarddog_nexus/web/routes.py

@@ -1,5 +1,7 @@
 """Web UI routes — Jinja2 + htmx pages."""
 
+from urllib.parse import unquote
+
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import HTMLResponse
 from jinja2 import Environment, PackageLoader, select_autoescape
@@ -154,20 +156,25 @@ async def packages_list(
     )
 
 
-@router.get("/packages/{name}/{version}", response_class=HTMLResponse)
+@router.get("/packages/{name:path}", response_class=HTMLResponse)
 async def package_detail(
     name: str,
-    version: str,
     request: Request,
     session: AsyncSession = Depends(get_session),
 ):
+    # name:path captures the entire path after /packages/
+    # e.g. "eviltest/0.1.0" or "github.com/attacker/evilmodule/v0.1.0"
+    parts = name.rsplit("/", 1)
+    pkg_name = unquote(parts[0])
+    pkg_version = unquote(parts[1]) if len(parts) == 2 else ""
+
     from sqlalchemy.orm import selectinload
 
     scans = (
         (
             await session.execute(
                 select(Scan)
-                .where(Scan.package_name == name, Scan.package_version == version)
+                .where(Scan.package_name == pkg_name, Scan.package_version == pkg_version)
                 .options(selectinload(Scan.findings))
                 .order_by(Scan.started_at.desc())
             )
@@ -185,8 +192,8 @@ async def package_detail(
 
     return _render(
         "package_detail.html",
-        pkg_name=name,
-        pkg_version=version,
+        pkg_name=pkg_name,
+        pkg_version=pkg_version,
         scans=scans,
         findings=all_findings,
         request=request,