fix: resolve all clippy warnings with RUSTFLAGS="-D warnings"

Fix dead code warnings, redundant clones, boolean simplification,
format-in-format-args, type complexity, and Box::new of Default
across compliance-dast, compliance-agent, and compliance-dashboard.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-agent/src/llm/client.rs

@@ -158,7 +158,7 @@ impl LlmClient {
     ) -> Result<LlmResponse, AgentError> {
         let mut req = self
             .http
-            .post(&self.chat_url())
+            .post(self.chat_url())
             .header("content-type", "application/json")
             .json(request_body);
 

compliance-agent/src/pentest/orchestrator.rs

@@ -35,10 +35,12 @@ impl PentestOrchestrator {
         }
     }
 
+    #[allow(dead_code)]
     pub fn subscribe(&self) -> broadcast::Receiver<PentestEvent> {
         self.event_tx.subscribe()
     }
 
+    #[allow(dead_code)]
     pub fn event_sender(&self) -> broadcast::Sender<PentestEvent> {
         self.event_tx.clone()
     }

compliance-agent/src/pentest/report/archive.rs

@@ -19,17 +19,17 @@ pub(super) fn build_zip(
         .with_aes_encryption(AesMode::Aes256, password);
 
     // report.pdf (primary)
-    zip.start_file("report.pdf", options.clone())?;
+    zip.start_file("report.pdf", options)?;
     zip.write_all(pdf)?;
 
     // report.html (fallback)
-    zip.start_file("report.html", options.clone())?;
+    zip.start_file("report.html", options)?;
     zip.write_all(html.as_bytes())?;
 
     // findings.json
     let findings_json =
         serde_json::to_string_pretty(&ctx.findings).unwrap_or_else(|_| "[]".to_string());
-    zip.start_file("findings.json", options.clone())?;
+    zip.start_file("findings.json", options)?;
     zip.write_all(findings_json.as_bytes())?;
 
     // attack-chain.json

compliance-agent/src/pentest/report/html.rs

@@ -3,6 +3,7 @@ use compliance_core::models::pentest::AttackChainNode;
 
 use super::ReportContext;
 
+#[allow(clippy::format_in_format_args)]
 pub(super) fn build_html_report(ctx: &ReportContext) -> String {
     let session = &ctx.session;
     let session_id = session
@@ -68,10 +69,8 @@ pub(super) fn build_html_report(ctx: &ReportContext) -> String {
     };
 
     // Risk score 0-100
-    let risk_score: usize = std::cmp::min(
-        100,
-        critical * 25 + high * 15 + medium * 8 + low * 3 + info * 1,
-    );
+    let risk_score: usize =
+        std::cmp::min(100, critical * 25 + high * 15 + medium * 8 + low * 3 + info);
 
     // Collect unique tool names used
     let tool_names: Vec<String> = {
@@ -226,7 +225,7 @@ pub(super) fn build_html_report(ctx: &ReportContext) -> String {
                         ev.response_status,
                         ev.response_snippet
                             .as_deref()
-                            .map(|s| html_escape(s))
+                            .map(html_escape)
                             .unwrap_or_default(),
                         payload_info,
                     ));
@@ -447,7 +446,7 @@ pub(super) fn build_html_report(ctx: &ReportContext) -> String {
     let toc_findings_sub = if !ctx.findings.is_empty() {
         let mut sub = String::new();
         let mut fnum = 0usize;
-        for (si, &sev_key) in severity_order.iter().enumerate() {
+        for &sev_key in severity_order.iter() {
             let count = ctx
                 .findings
                 .iter()