compliance-scanner-agent

Author	SHA1	Message	Date
Sharang Parnerkar	71d8741e10	feat: AI-driven automated penetration testing system Add a complete AI pentest system where Claude autonomously drives security testing via tool-calling. The LLM selects from 16 tools, chains results, and builds an attack chain DAG. Core: - PentestTool trait (dyn-compatible) with PentestToolContext/Result - PentestSession, AttackChainNode, PentestMessage, PentestEvent models - 10 new DastVulnType variants (DNS, DMARC, TLS, cookies, CSP, CORS, etc.) - LLM client chat_with_tools() for OpenAI-compatible tool calling Tools (16 total): - 5 agent wrappers: SQL injection, XSS, auth bypass, SSRF, API fuzzer - 11 new infra tools: DNS checker, DMARC checker, TLS analyzer, security headers, cookie analyzer, CSP analyzer, rate limit tester, console log detector, CORS checker, OpenAPI parser, recon - ToolRegistry for tool lookup and LLM definition generation Orchestrator: - PentestOrchestrator with iterative tool-calling loop (max 50 rounds) - Attack chain node recording per tool invocation - SSE event broadcasting for real-time progress - Strategy-aware system prompts (quick/comprehensive/targeted/aggressive/stealth) API (9 endpoints): - POST/GET /pentest/sessions, GET /pentest/sessions/:id - POST /pentest/sessions/:id/chat, GET /pentest/sessions/:id/stream - GET /pentest/sessions/:id/attack-chain, messages, findings - GET /pentest/stats Dashboard: - Pentest dashboard with stat cards, severity distribution, session list - Chat-based session page with split layout (chat + findings/attack chain) - Inline tool execution indicators, auto-polling, new session modal - Sidebar navigation item Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 19:23:21 +01:00
Sharang Parnerkar	491665559f	feat: per-repo issue tracker, Gitea support, PR review pipeline (#10 ) Some checks failed CI / Security Audit (push) Has been cancelled Details CI / Tests (push) Has been cancelled Details CI / Detect Changes (push) Has been cancelled Details CI / Deploy Agent (push) Has been cancelled Details CI / Deploy Dashboard (push) Has been cancelled Details CI / Deploy Docs (push) Has been cancelled Details CI / Deploy MCP (push) Has been cancelled Details CI / Clippy (push) Has been cancelled Details CI / Format (push) Successful in 4s Details	2026-03-11 12:13:59 +00:00
Sharang Parnerkar	daff5812a6	fix: SBOM multi-ecosystem support with correct package managers and licenses (#8 ) Some checks failed CI / Format (push) Successful in 3s Details CI / Clippy (push) Successful in 4m28s Details CI / Security Audit (push) Failing after 1m52s Details CI / Tests (push) Has been skipped Details CI / Detect Changes (push) Has been skipped Details CI / Deploy Agent (push) Has been skipped Details CI / Deploy Dashboard (push) Has been skipped Details CI / Deploy Docs (push) Has been skipped Details CI / Deploy MCP (push) Has been skipped Details	2026-03-10 12:37:29 +00:00
Sharang Parnerkar	46bf9de549	feat: findings refinement, new scanners, and deployment tooling (#6 ) Some checks failed CI / Format (push) Successful in 3s Details CI / Clippy (push) Successful in 4m3s Details CI / Security Audit (push) Successful in 1m38s Details CI / Tests (push) Successful in 4m44s Details CI / Detect Changes (push) Successful in 2s Details CI / Deploy Agent (push) Successful in 2s Details CI / Deploy Dashboard (push) Successful in 2s Details CI / Deploy Docs (push) Has been skipped Details CI / Deploy MCP (push) Failing after 2s Details	2026-03-09 12:53:12 +00:00
Sharang Parnerkar	42cabf0582	feat: rag-embedding-ai-chat (#1 ) All checks were successful CI / Format (push) Successful in 2s Details CI / Clippy (push) Successful in 2m56s Details CI / Security Audit (push) Successful in 1m25s Details CI / Tests (push) Successful in 3m57s Details Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #1	2026-03-06 21:54:15 +00:00
Sharang Parnerkar	b18824db25	Add graph explorer components, API handlers, and dependency updates Adds code inspector, file tree components, graph visualization JS, graph API handlers, sidebar navigation updates, and misc improvements. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 21:52:49 +01:00
Sharang Parnerkar	cea8f59e10	Add DAST, graph modules, toast notifications, and dashboard enhancements Add DAST scanning and code knowledge graph features across the stack: - compliance-dast and compliance-graph workspace crates - Agent API handlers and routes for DAST targets/scans and graph builds - Core models and traits for DAST and graph domains - Dashboard pages for DAST targets/findings/overview and graph explorer/impact - Toast notification system with auto-dismiss for async action feedback - Button click animations and disabled states for better UX Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-04 13:53:50 +01:00
Sharang Parnerkar	03ee69834d	Fix formatting and clippy warnings across workspace All checks were successful CI / Format (push) Successful in 3s Details CI / Clippy (push) Successful in 2m15s Details CI / Security Audit (push) Successful in 1m34s Details CI / Tests (push) Successful in 3m4s Details - Run cargo fmt on all crates - Fix regex patterns using unsupported lookahead in patterns.rs - Replace unwrap() calls with compile_regex() helper - Fix never type fallback in GitHub tracker - Fix redundant field name in findings page - Allow enum_variant_names for Dioxus Route enum - Fix &mut Vec -> &mut [T] clippy lint in sbom.rs - Mark unused-but-intended APIs with #[allow(dead_code)] Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 17:41:03 +01:00
Sharang Parnerkar	0867e401bc	Initial commit: Compliance Scanner Agent Autonomous security and compliance scanning agent for git repositories. Features: SAST (Semgrep), SBOM (Syft), CVE monitoring (OSV.dev/NVD), GDPR/OAuth pattern detection, LLM triage, issue creation (GitHub/GitLab/Jira), PR reviews, and Dioxus fullstack dashboard. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-02 13:30:17 +01:00

9 Commits