feat: pentest onboarding — streaming, browser automation, reports, user cleanup (#16)

Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams.

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #16

compliance-agent/src/pentest/report/mod.rs

@@ -3,7 +3,11 @@ mod html;
 mod pdf;
 
 use compliance_core::models::dast::DastFinding;
-use compliance_core::models::pentest::{AttackChainNode, PentestSession};
+use compliance_core::models::finding::Finding;
+use compliance_core::models::pentest::{
+    AttackChainNode, CodeContextHint, PentestConfig, PentestSession,
+};
+use compliance_core::models::sbom::SbomEntry;
 use sha2::{Digest, Sha256};
 
 /// Report archive with metadata
@@ -23,6 +27,13 @@ pub struct ReportContext {
     pub attack_chain: Vec<AttackChainNode>,
     pub requester_name: String,
     pub requester_email: String,
+    pub config: Option<PentestConfig>,
+    /// SAST findings for the linked repository (for code-level correlation)
+    pub sast_findings: Vec<Finding>,
+    /// Vulnerable dependencies from SBOM
+    pub sbom_entries: Vec<SbomEntry>,
+    /// Code knowledge graph entry points linked to SAST findings
+    pub code_context: Vec<CodeContextHint>,
 }
 
 /// Generate a password-protected ZIP archive containing the pentest report.