Add DAST, graph modules, toast notifications, and dashboard enhancements

Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

compliance-core/src/traits/dast_agent.rs

@@ -0,0 +1,47 @@
+use crate::error::CoreError;
+use crate::models::dast::{DastFinding, DastTarget};
+
+/// Context passed to DAST agents containing discovered information
+#[derive(Debug, Clone, Default)]
+pub struct DastContext {
+    /// Discovered endpoints from crawling
+    pub endpoints: Vec<DiscoveredEndpoint>,
+    /// Technologies detected during recon
+    pub technologies: Vec<String>,
+    /// Existing SAST findings for prioritization
+    pub sast_hints: Vec<String>,
+}
+
+/// An endpoint discovered during crawling
+#[derive(Debug, Clone)]
+pub struct DiscoveredEndpoint {
+    pub url: String,
+    pub method: String,
+    pub parameters: Vec<EndpointParameter>,
+    pub content_type: Option<String>,
+    pub requires_auth: bool,
+}
+
+/// A parameter on a discovered endpoint
+#[derive(Debug, Clone)]
+pub struct EndpointParameter {
+    pub name: String,
+    /// "query", "body", "header", "path", "cookie"
+    pub location: String,
+    pub param_type: Option<String>,
+    pub example_value: Option<String>,
+}
+
+/// Trait for DAST testing agents (injection, XSS, auth bypass, etc.)
+#[allow(async_fn_in_trait)]
+pub trait DastAgent: Send + Sync {
+    /// Agent name (e.g., "sql_injection", "xss", "auth_bypass")
+    fn name(&self) -> &str;
+
+    /// Run the agent against a target with discovered context
+    async fn run(
+        &self,
+        target: &DastTarget,
+        context: &DastContext,
+    ) -> Result<Vec<DastFinding>, CoreError>;
+}

compliance-core/src/traits/graph_builder.rs

@@ -0,0 +1,30 @@
+use std::path::Path;
+
+use crate::error::CoreError;
+use crate::models::graph::{CodeEdge, CodeNode};
+
+/// Output from parsing a single file
+#[derive(Debug, Default)]
+pub struct ParseOutput {
+    pub nodes: Vec<CodeNode>,
+    pub edges: Vec<CodeEdge>,
+}
+
+/// Trait for language-specific code parsers
+#[allow(async_fn_in_trait)]
+pub trait LanguageParser: Send + Sync {
+    /// Language name (e.g., "rust", "python", "javascript")
+    fn language(&self) -> &str;
+
+    /// File extensions this parser handles
+    fn extensions(&self) -> &[&str];
+
+    /// Parse a single file and extract nodes + edges
+    fn parse_file(
+        &self,
+        file_path: &Path,
+        source: &str,
+        repo_id: &str,
+        graph_build_id: &str,
+    ) -> Result<ParseOutput, CoreError>;
+}

compliance-core/src/traits/mod.rs

@@ -1,5 +1,9 @@
+pub mod dast_agent;
+pub mod graph_builder;
 pub mod issue_tracker;
 pub mod scanner;
 
+pub use dast_agent::{DastAgent, DastContext, DiscoveredEndpoint, EndpointParameter};
+pub use graph_builder::{LanguageParser, ParseOutput};
 pub use issue_tracker::IssueTracker;
 pub use scanner::{ScanOutput, Scanner};