feat: AI-driven automated penetration testing (#12)

compliance-agent/src/database.rs

@@ -166,6 +166,38 @@ impl Database {
             )
             .await?;
 
+        // pentest_sessions: compound (target_id, started_at DESC)
+        self.pentest_sessions()
+            .create_index(
+                IndexModel::builder()
+                    .keys(doc! { "target_id": 1, "started_at": -1 })
+                    .build(),
+            )
+            .await?;
+
+        // pentest_sessions: status index
+        self.pentest_sessions()
+            .create_index(IndexModel::builder().keys(doc! { "status": 1 }).build())
+            .await?;
+
+        // attack_chain_nodes: compound (session_id, node_id)
+        self.attack_chain_nodes()
+            .create_index(
+                IndexModel::builder()
+                    .keys(doc! { "session_id": 1, "node_id": 1 })
+                    .build(),
+            )
+            .await?;
+
+        // pentest_messages: compound (session_id, created_at)
+        self.pentest_messages()
+            .create_index(
+                IndexModel::builder()
+                    .keys(doc! { "session_id": 1, "created_at": 1 })
+                    .build(),
+            )
+            .await?;
+
         tracing::info!("Database indexes ensured");
         Ok(())
     }
@@ -235,6 +267,19 @@ impl Database {
         self.inner.collection("embedding_builds")
     }
 
+    // Pentest collections
+    pub fn pentest_sessions(&self) -> Collection<PentestSession> {
+        self.inner.collection("pentest_sessions")
+    }
+
+    pub fn attack_chain_nodes(&self) -> Collection<AttackChainNode> {
+        self.inner.collection("attack_chain_nodes")
+    }
+
+    pub fn pentest_messages(&self) -> Collection<PentestMessage> {
+        self.inner.collection("pentest_messages")
+    }
+
     #[allow(dead_code)]
     pub fn raw_collection(&self, name: &str) -> Collection<mongodb::bson::Document> {
         self.inner.collection(name)