Initial commit: Compliance Scanner Agent

Autonomous security and compliance scanning agent for git repositories.
Features: SAST (Semgrep), SBOM (Syft), CVE monitoring (OSV.dev/NVD),
GDPR/OAuth pattern detection, LLM triage, issue creation (GitHub/GitLab/Jira),
PR reviews, and Dioxus fullstack dashboard.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-agent/src/llm/client.rs

@@ -0,0 +1,157 @@
+use secrecy::{ExposeSecret, SecretString};
+use serde::{Deserialize, Serialize};
+
+use crate::error::AgentError;
+
+#[derive(Clone)]
+pub struct LlmClient {
+    base_url: String,
+    api_key: SecretString,
+    model: String,
+    http: reqwest::Client,
+}
+
+#[derive(Serialize)]
+struct ChatMessage {
+    role: String,
+    content: String,
+}
+
+#[derive(Serialize)]
+struct ChatCompletionRequest {
+    model: String,
+    messages: Vec<ChatMessage>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    temperature: Option<f64>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_tokens: Option<u32>,
+}
+
+#[derive(Deserialize)]
+struct ChatCompletionResponse {
+    choices: Vec<ChatChoice>,
+}
+
+#[derive(Deserialize)]
+struct ChatChoice {
+    message: ChatResponseMessage,
+}
+
+#[derive(Deserialize)]
+struct ChatResponseMessage {
+    content: String,
+}
+
+impl LlmClient {
+    pub fn new(base_url: String, api_key: SecretString, model: String) -> Self {
+        Self {
+            base_url,
+            api_key,
+            model,
+            http: reqwest::Client::new(),
+        }
+    }
+
+    pub async fn chat(
+        &self,
+        system_prompt: &str,
+        user_prompt: &str,
+        temperature: Option<f64>,
+    ) -> Result<String, AgentError> {
+        let url = format!("{}/v1/chat/completions", self.base_url.trim_end_matches('/'));
+
+        let request_body = ChatCompletionRequest {
+            model: self.model.clone(),
+            messages: vec![
+                ChatMessage {
+                    role: "system".to_string(),
+                    content: system_prompt.to_string(),
+                },
+                ChatMessage {
+                    role: "user".to_string(),
+                    content: user_prompt.to_string(),
+                },
+            ],
+            temperature,
+            max_tokens: Some(4096),
+        };
+
+        let mut req = self
+            .http
+            .post(&url)
+            .header("content-type", "application/json")
+            .json(&request_body);
+
+        let key = self.api_key.expose_secret();
+        if !key.is_empty() {
+            req = req.header("Authorization", format!("Bearer {key}"));
+        }
+
+        let resp = req.send().await.map_err(|e| {
+            AgentError::Other(format!("LiteLLM request failed: {e}"))
+        })?;
+
+        if !resp.status().is_success() {
+            let status = resp.status();
+            let body = resp.text().await.unwrap_or_default();
+            return Err(AgentError::Other(format!("LiteLLM returned {status}: {body}")));
+        }
+
+        let body: ChatCompletionResponse = resp.json().await.map_err(|e| {
+            AgentError::Other(format!("Failed to parse LiteLLM response: {e}"))
+        })?;
+
+        body.choices
+            .first()
+            .map(|c| c.message.content.clone())
+            .ok_or_else(|| AgentError::Other("Empty response from LiteLLM".to_string()))
+    }
+
+    pub async fn chat_with_messages(
+        &self,
+        messages: Vec<(String, String)>,
+        temperature: Option<f64>,
+    ) -> Result<String, AgentError> {
+        let url = format!("{}/v1/chat/completions", self.base_url.trim_end_matches('/'));
+
+        let request_body = ChatCompletionRequest {
+            model: self.model.clone(),
+            messages: messages
+                .into_iter()
+                .map(|(role, content)| ChatMessage { role, content })
+                .collect(),
+            temperature,
+            max_tokens: Some(4096),
+        };
+
+        let mut req = self
+            .http
+            .post(&url)
+            .header("content-type", "application/json")
+            .json(&request_body);
+
+        let key = self.api_key.expose_secret();
+        if !key.is_empty() {
+            req = req.header("Authorization", format!("Bearer {key}"));
+        }
+
+        let resp = req.send().await.map_err(|e| {
+            AgentError::Other(format!("LiteLLM request failed: {e}"))
+        })?;
+
+        if !resp.status().is_success() {
+            let status = resp.status();
+            let body = resp.text().await.unwrap_or_default();
+            return Err(AgentError::Other(format!("LiteLLM returned {status}: {body}")));
+        }
+
+        let body: ChatCompletionResponse = resp.json().await.map_err(|e| {
+            AgentError::Other(format!("Failed to parse LiteLLM response: {e}"))
+        })?;
+
+        body.choices
+            .first()
+            .map(|c| c.message.content.clone())
+            .ok_or_else(|| AgentError::Other("Empty response from LiteLLM".to_string()))
+    }
+}