feat: AI-driven automated penetration testing system

Add a complete AI pentest system where Claude autonomously drives security
testing via tool-calling. The LLM selects from 16 tools, chains results,
and builds an attack chain DAG.

Core:
- PentestTool trait (dyn-compatible) with PentestToolContext/Result
- PentestSession, AttackChainNode, PentestMessage, PentestEvent models
- 10 new DastVulnType variants (DNS, DMARC, TLS, cookies, CSP, CORS, etc.)
- LLM client chat_with_tools() for OpenAI-compatible tool calling

Tools (16 total):
- 5 agent wrappers: SQL injection, XSS, auth bypass, SSRF, API fuzzer
- 11 new infra tools: DNS checker, DMARC checker, TLS analyzer,
  security headers, cookie analyzer, CSP analyzer, rate limit tester,
  console log detector, CORS checker, OpenAPI parser, recon
- ToolRegistry for tool lookup and LLM definition generation

Orchestrator:
- PentestOrchestrator with iterative tool-calling loop (max 50 rounds)
- Attack chain node recording per tool invocation
- SSE event broadcasting for real-time progress
- Strategy-aware system prompts (quick/comprehensive/targeted/aggressive/stealth)

API (9 endpoints):
- POST/GET /pentest/sessions, GET /pentest/sessions/:id
- POST /pentest/sessions/:id/chat, GET /pentest/sessions/:id/stream
- GET /pentest/sessions/:id/attack-chain, messages, findings
- GET /pentest/stats

Dashboard:
- Pentest dashboard with stat cards, severity distribution, session list
- Chat-based session page with split layout (chat + findings/attack chain)
- Inline tool execution indicators, auto-polling, new session modal
- Sidebar navigation item

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-agent/src/api/routes.rs

@@ -99,6 +99,36 @@ pub fn build_router() -> Router {
             "/api/v1/chat/{repo_id}/status",
             get(handlers::chat::embedding_status),
         )
+        // Pentest API endpoints
+        .route(
+            "/api/v1/pentest/sessions",
+            get(handlers::pentest::list_sessions).post(handlers::pentest::create_session),
+        )
+        .route(
+            "/api/v1/pentest/sessions/{id}",
+            get(handlers::pentest::get_session),
+        )
+        .route(
+            "/api/v1/pentest/sessions/{id}/chat",
+            post(handlers::pentest::send_message),
+        )
+        .route(
+            "/api/v1/pentest/sessions/{id}/stream",
+            get(handlers::pentest::session_stream),
+        )
+        .route(
+            "/api/v1/pentest/sessions/{id}/attack-chain",
+            get(handlers::pentest::get_attack_chain),
+        )
+        .route(
+            "/api/v1/pentest/sessions/{id}/messages",
+            get(handlers::pentest::get_messages),
+        )
+        .route(
+            "/api/v1/pentest/sessions/{id}/findings",
+            get(handlers::pentest::get_session_findings),
+        )
+        .route("/api/v1/pentest/stats", get(handlers::pentest::pentest_stats))
         // Webhook endpoints (proxied through dashboard)
         .route(
             "/webhook/github/{repo_id}",