Initial commit: Compliance Scanner Agent

Autonomous security and compliance scanning agent for git repositories.
Features: SAST (Semgrep), SBOM (Syft), CVE monitoring (OSV.dev/NVD),
GDPR/OAuth pattern detection, LLM triage, issue creation (GitHub/GitLab/Jira),
PR reviews, and Dioxus fullstack dashboard.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-agent/src/llm/triage.rs

@@ -0,0 +1,73 @@
+use std::sync::Arc;
+
+use compliance_core::models::{Finding, FindingStatus};
+
+use crate::llm::LlmClient;
+
+const TRIAGE_SYSTEM_PROMPT: &str = r#"You are a security finding triage expert. Analyze the following security finding and determine:
+1. Is this a true positive? (yes/no)
+2. Confidence score (0-10, where 10 is highest confidence this is a real issue)
+3. Brief remediation suggestion (1-2 sentences)
+
+Respond in JSON format:
+{"true_positive": true/false, "confidence": N, "remediation": "..."}"#;
+
+pub async fn triage_findings(llm: &Arc<LlmClient>, findings: &mut Vec<Finding>) -> usize {
+    let mut passed = 0;
+
+    for finding in findings.iter_mut() {
+        let user_prompt = format!(
+            "Scanner: {}\nRule: {}\nSeverity: {}\nTitle: {}\nDescription: {}\nFile: {}\nLine: {}\nCode: {}",
+            finding.scanner,
+            finding.rule_id.as_deref().unwrap_or("N/A"),
+            finding.severity,
+            finding.title,
+            finding.description,
+            finding.file_path.as_deref().unwrap_or("N/A"),
+            finding.line_number.map(|n| n.to_string()).unwrap_or_else(|| "N/A".to_string()),
+            finding.code_snippet.as_deref().unwrap_or("N/A"),
+        );
+
+        match llm.chat(TRIAGE_SYSTEM_PROMPT, &user_prompt, Some(0.1)).await {
+            Ok(response) => {
+                if let Ok(result) = serde_json::from_str::<TriageResult>(&response) {
+                    finding.confidence = Some(result.confidence);
+                    if let Some(remediation) = result.remediation {
+                        finding.remediation = Some(remediation);
+                    }
+
+                    if result.confidence >= 3.0 {
+                        finding.status = FindingStatus::Triaged;
+                        passed += 1;
+                    } else {
+                        finding.status = FindingStatus::FalsePositive;
+                    }
+                } else {
+                    // If LLM response doesn't parse, keep the finding
+                    finding.status = FindingStatus::Triaged;
+                    passed += 1;
+                    tracing::warn!("Failed to parse triage response for {}: {response}", finding.fingerprint);
+                }
+            }
+            Err(e) => {
+                // On LLM error, keep the finding
+                tracing::warn!("LLM triage failed for {}: {e}", finding.fingerprint);
+                finding.status = FindingStatus::Triaged;
+                passed += 1;
+            }
+        }
+    }
+
+    // Remove false positives
+    findings.retain(|f| f.status != FindingStatus::FalsePositive);
+    passed
+}
+
+#[derive(serde::Deserialize)]
+struct TriageResult {
+    #[serde(default)]
+    true_positive: bool,
+    #[serde(default)]
+    confidence: f64,
+    remediation: Option<String>,
+}