feat: pentest onboarding — streaming, browser automation, reports, user cleanup (#16)

Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams.

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #16

compliance-dashboard/assets/main.css

@@ -3305,7 +3305,7 @@ tbody tr:last-child td {
     transition: max-height 0.28s cubic-bezier(0.16,1,0.3,1);
 }
 .ac-tool-detail.open {
-    max-height: 300px;
+    max-height: 800px;
 }
 .ac-tool-detail-inner {
     padding: 6px 10px 10px 49px;
@@ -3338,3 +3338,310 @@ tbody tr:last-child td {
 .ac-detail-value {
     color: var(--text-secondary);
 }
+
+/* Running node pulse animation */
+.ac-node-running {
+    animation: ac-pulse 2s ease-in-out infinite;
+}
+@keyframes ac-pulse {
+    0%, 100% { box-shadow: inset 0 0 0 transparent; }
+    50% { box-shadow: inset 0 0 12px rgba(217, 119, 6, 0.15); }
+}
+
+/* Tool input/output data blocks */
+.ac-data-section {
+    margin-top: 8px;
+}
+.ac-data-label {
+    color: var(--text-tertiary, #6b7280);
+    text-transform: uppercase;
+    font-size: 9px;
+    letter-spacing: 0.04em;
+    margin-bottom: 3px;
+}
+.ac-data-block {
+    background: rgba(0, 0, 0, 0.25);
+    border: 1px solid var(--border, #162038);
+    border-radius: 6px;
+    padding: 8px 10px;
+    font-family: var(--font-mono, monospace);
+    font-size: 10px;
+    line-height: 1.5;
+    color: var(--text-secondary);
+    white-space: pre-wrap;
+    word-break: break-all;
+    max-height: 200px;
+    overflow-y: auto;
+    margin: 0;
+}
+
+/* ═══════════════════════════════════════════════════
+   Pentest Wizard
+   ═══════════════════════════════════════════════════ */
+
+.wizard-backdrop {
+    position: fixed;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.6);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 1000;
+}
+
+.wizard-dialog {
+    background: var(--bg-secondary);
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-lg);
+    width: 600px;
+    max-width: 92vw;
+    max-height: 90vh;
+    display: flex;
+    flex-direction: column;
+    overflow: hidden;
+    position: relative;
+}
+
+/* Close button (top-right corner, always visible) */
+.wizard-close-btn {
+    position: absolute;
+    top: 12px;
+    right: 12px;
+    z-index: 10;
+    background: none;
+    border: 1px solid transparent;
+    border-radius: 6px;
+    color: var(--text-secondary);
+    cursor: pointer;
+    padding: 4px 6px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    transition: color 0.15s, border-color 0.15s;
+}
+.wizard-close-btn:hover {
+    color: var(--text-primary);
+    border-color: var(--border-color);
+}
+
+/* Dropdown for existing targets/repos */
+.wizard-dropdown {
+    position: absolute;
+    top: 100%;
+    left: 0;
+    right: 0;
+    z-index: 20;
+    background: var(--bg-elevated, var(--bg-secondary));
+    border: 1px solid var(--border-color);
+    border-radius: 0 0 8px 8px;
+    max-height: 200px;
+    overflow-y: auto;
+    box-shadow: 0 8px 24px rgba(0, 0, 0, 0.25);
+}
+.wizard-dropdown-item {
+    padding: 8px 12px;
+    cursor: pointer;
+    transition: background 0.1s;
+    border-bottom: 1px solid var(--border-color);
+}
+.wizard-dropdown-item:last-child {
+    border-bottom: none;
+}
+.wizard-dropdown-item:hover {
+    background: var(--bg-card-hover, rgba(255,255,255,0.04));
+}
+
+/* SSH key display */
+.wizard-ssh-key {
+    margin-top: 8px;
+    padding: 10px 12px;
+    background: rgba(0, 200, 255, 0.04);
+    border: 1px solid var(--border-accent, rgba(0,200,255,0.15));
+    border-radius: 8px;
+}
+.wizard-ssh-key-box {
+    padding: 8px 10px;
+    background: var(--bg-primary);
+    border-radius: 4px;
+    font-family: var(--font-mono, monospace);
+    font-size: 10px;
+    word-break: break-all;
+    user-select: all;
+    color: var(--text-secondary);
+    line-height: 1.4;
+}
+
+.wizard-steps {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 8px;
+    padding: 16px 24px;
+    border-bottom: 1px solid var(--border-color);
+    background: var(--bg-primary);
+}
+
+.wizard-step {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 0.8rem;
+    color: var(--text-tertiary);
+    position: relative;
+}
+
+.wizard-step + .wizard-step::before {
+    content: '';
+    display: block;
+    width: 24px;
+    height: 1px;
+    background: var(--border-color);
+    margin-right: 4px;
+}
+
+.wizard-step.active {
+    color: var(--accent);
+}
+
+.wizard-step.completed {
+    color: var(--status-success);
+}
+
+.wizard-step-dot {
+    width: 22px;
+    height: 22px;
+    border-radius: 50%;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 0.7rem;
+    font-weight: 700;
+    background: var(--bg-tertiary);
+    color: var(--text-tertiary);
+    flex-shrink: 0;
+}
+
+.wizard-step.active .wizard-step-dot {
+    background: var(--accent);
+    color: var(--bg-primary);
+}
+
+.wizard-step.completed .wizard-step-dot {
+    background: var(--status-success);
+    color: var(--bg-primary);
+}
+
+.wizard-step-label {
+    display: none;
+}
+
+@media (min-width: 480px) {
+    .wizard-step-label {
+        display: inline;
+    }
+}
+
+.wizard-body {
+    padding: 20px 24px;
+    min-height: 300px;
+    overflow-y: auto;
+    flex: 1;
+}
+
+.wizard-body h3 {
+    font-size: 1.05rem;
+    font-weight: 600;
+    color: var(--text-primary);
+}
+
+.wizard-field {
+    margin-bottom: 12px;
+}
+
+.wizard-field label {
+    display: block;
+    font-size: 0.82rem;
+    color: var(--text-secondary);
+    margin-bottom: 4px;
+    font-weight: 500;
+}
+
+.wizard-field .chat-input,
+.wizard-field select {
+    width: 100%;
+}
+
+.wizard-footer {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 12px 24px;
+    border-top: 1px solid var(--border-color);
+    background: var(--bg-primary);
+}
+
+.wizard-disclaimer {
+    background: rgba(255, 176, 32, 0.08);
+    border: 1px solid rgba(255, 176, 32, 0.25);
+    border-radius: var(--radius);
+    padding: 16px;
+    margin-top: 16px;
+    color: var(--text-primary);
+    font-size: 0.85rem;
+    line-height: 1.55;
+}
+
+.wizard-summary {
+    background: var(--bg-primary);
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius);
+    padding: 16px;
+}
+
+.wizard-summary dl {
+    display: grid;
+    grid-template-columns: auto 1fr;
+    gap: 6px 16px;
+    margin: 0;
+    font-size: 0.85rem;
+}
+
+.wizard-summary dt {
+    color: var(--text-secondary);
+    font-weight: 500;
+}
+
+.wizard-summary dd {
+    color: var(--text-primary);
+    margin: 0;
+}
+
+.wizard-toggle {
+    width: 36px;
+    height: 20px;
+    background: var(--bg-tertiary);
+    border-radius: 10px;
+    cursor: pointer;
+    position: relative;
+    transition: background 0.2s;
+    flex-shrink: 0;
+}
+
+.wizard-toggle.active {
+    background: var(--accent);
+}
+
+.wizard-toggle-knob {
+    width: 16px;
+    height: 16px;
+    background: #fff;
+    border-radius: 50%;
+    position: absolute;
+    top: 2px;
+    left: 2px;
+    transition: transform 0.2s;
+}
+
+.wizard-toggle.active .wizard-toggle-knob {
+    transform: translateX(16px);
+}