Replace expect/unwrap calls with safe alternatives, add Default impls
for parser structs and Toasts, fix redundant closures, collapse nested
ifs, remove unused import, and allow recursive-only-self/too-many-args
lints in compliance-graph.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix SBOM display bug by removing incorrect BSON serde helpers on DateTime fields
- Add filtered/searchable SBOM list with repo, package manager, search, vuln, and license filters
- Add SBOM export (CycloneDX 1.5 / SPDX 2.3), license compliance tab, and cross-repo diff
- Add vulnerability drill-down with inline CVE details and advisory links
- Add DELETE /api/v1/repositories/{id} with cascade delete of all related data
- Add delete repository button with confirmation modal warning in dashboard
- Add spinner and progress bar for embedding builds with auto-polling status
- Install syft in agent Dockerfile for SBOM generation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement end-to-end RAG pipeline: AST-aware code chunking, LiteLLM
embedding generation, MongoDB vector storage with brute-force cosine
similarity fallback for self-hosted instances, and a chat API with
RAG-augmented responses. Add dedicated /chat/:repo_id dashboard page
with embedding build controls, message history, and source reference
cards.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a repo_filter signal and fetches the repository list to populate
a select dropdown before existing severity/type/status filters,
allowing users to filter findings by specific repository.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Show updated_at as relative time (e.g. "5m ago", "3d ago") instead
of the last_scanned_commit hex SHA which was not a date
- Add Graph link button next to Scan button for quick navigation
to the repository's code knowledge graph
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Widen code inspector panel from 450px to 550px for better readability
- Redesign graph index landing page with polished repo cards showing
name, git URL, branch, findings count, and relative update time
- Add search suggestions dropdown in graph explorer that appears on
typing >= 2 chars, showing node name, kind badge, and file path
- Add full graph explorer styles matching Obsidian Control dark theme
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds code inspector, file tree components, graph visualization JS,
graph API handlers, sidebar navigation updates, and misc improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Run cargo fmt on all crates
- Fix regex patterns using unsupported lookahead in patterns.rs
- Replace unwrap() calls with compile_regex() helper
- Fix never type fallback in GitHub tracker
- Fix redundant field name in findings page
- Allow enum_variant_names for Dioxus Route enum
- Fix &mut Vec -> &mut [T] clippy lint in sbom.rs
- Mark unused-but-intended APIs with #[allow(dead_code)]
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Format, clippy, security audit, and test stages adapted from certifai.
Clippy and tests run per-crate with proper feature gating for the
dashboard's server/web split.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Feature-gate mongodb in compliance-core (optional, default on) so wasm
builds don't pull in tokio/mio via mongodb
- Use bson v2 directly for ObjectId types (wasm-compatible)
- Restructure dashboard infrastructure/mod.rs: server function modules
always compiled (for RPC stubs), server-only modules cfg-gated
- Remove reqwest from dashboard web feature (not needed, data flows
through server functions)
- Add .gitignore
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
