fix: add pentest architecture to sidebar, fix image paths, enable mermaid

- Add vitepress-plugin-mermaid for diagram rendering
- Add Pentest Architecture page to sidebar nav
- Fix image paths (../public/ → / for VitePress public serving)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/.vitepress/config.mts

@@ -1,6 +1,7 @@
 import { defineConfig } from 'vitepress'
+import { withMermaid } from 'vitepress-plugin-mermaid'
 
-export default defineConfig({
+export default withMermaid(defineConfig({
   title: 'Certifai',
   description: 'AI-powered security compliance scanning platform',
   ignoreDeadLinks: [
@@ -31,6 +32,7 @@ export default defineConfig({
           { text: 'Dashboard Overview', link: '/features/overview' },
           { text: 'DAST Scanning', link: '/features/dast' },
           { text: 'AI Pentest', link: '/features/pentest' },
+          { text: 'Pentest Architecture', link: '/features/pentest-architecture' },
           { text: 'AI Chat', link: '/features/ai-chat' },
           { text: 'Code Knowledge Graph', link: '/features/graph' },
           { text: 'MCP Integration', link: '/features/mcp-server' },
@@ -51,4 +53,5 @@ export default defineConfig({
       message: 'Certifai Documentation',
     },
   },
-})
+  mermaid: {},
+}))

docs/features/pentest-architecture.md

@@ -230,7 +230,7 @@ A finding like "Reflected XSS in /api/search" would show:
 
 ### Pentest Dashboard
 
-![Pentest Dashboard](../public/screenshots/pentest-dashboard.png)
+![Pentest Dashboard](/screenshots/pentest-dashboard.png)
 
 The dashboard shows aggregate statistics, severity distribution, and recent sessions with status badges. Running sessions can be paused, resumed, or stopped.
 
@@ -238,29 +238,29 @@ The dashboard shows aggregate statistics, severity distribution, and recent sess
 
 **Step 1 — Target & Scope** (with dropdown showing existing DAST targets):
 
-![Wizard Step 1 — Target dropdown](../public/screenshots/pentest-wizard-step1-dropdown.png)
+![Wizard Step 1 — Target dropdown](/screenshots/pentest-wizard-step1-dropdown.png)
 
 **Step 2 — Authentication** (Auto-Register mode with optional registration URL, verification email, IMAP settings):
 
-![Wizard Step 2 — Auth](../public/screenshots/pentest-wizard-step2-auth.png)
+![Wizard Step 2 — Auth](/screenshots/pentest-wizard-step2-auth.png)
 
 **Step 3 — Strategy & Instructions** (strategy selection, scope exclusions, duration, tester info):
 
-![Wizard Step 3 — Strategy](../public/screenshots/pentest-wizard-step3-strategy.png)
+![Wizard Step 3 — Strategy](/screenshots/pentest-wizard-step3-strategy.png)
 
 **Step 4 — Review & Confirm** (summary + authorization disclaimer):
 
-![Wizard Step 4 — Confirm](../public/screenshots/pentest-wizard-step4-confirm.png)
+![Wizard Step 4 — Confirm](/screenshots/pentest-wizard-step4-confirm.png)
 
 ### Session — Findings
 
-![Session Findings](../public/screenshots/pentest-session-findings.png)
+![Session Findings](/screenshots/pentest-session-findings.png)
 
 Each finding shows severity, CWE, endpoint, description, and remediation. Exploitable findings are flagged. SAST correlations are shown when available.
 
 ### Session — Attack Chain
 
-![Attack Chain](../public/screenshots/pentest-attack-chain.png)
+![Attack Chain](/screenshots/pentest-attack-chain.png)
 
 The attack chain visualizes the DAG of tool executions grouped into phases (Reconnaissance, Analysis, Boundary Testing, Exploitation). Each node shows tool name, category, duration, findings count, and risk score. Running nodes pulse with an animation.
 

docs/package.json

@@ -8,5 +8,9 @@
   },
   "devDependencies": {
     "vitepress": "^1.6.4"
+  },
+  "dependencies": {
+    "mermaid": "^11.13.0",
+    "vitepress-plugin-mermaid": "^2.0.17"
   }
 }