sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
40 Commits 11 Branches 1 Tag
85ceef7e1f4a06e5e93080d5a07b2b62dfff80ff
Commit Graph

5 Commits

Author SHA1 Message Date
Sharang Parnerkar
71d8741e10 feat: AI-driven automated penetration testing system 
Add a complete AI pentest system where Claude autonomously drives security
testing via tool-calling. The LLM selects from 16 tools, chains results,
and builds an attack chain DAG.

Core:
- PentestTool trait (dyn-compatible) with PentestToolContext/Result
- PentestSession, AttackChainNode, PentestMessage, PentestEvent models
- 10 new DastVulnType variants (DNS, DMARC, TLS, cookies, CSP, CORS, etc.)
- LLM client chat_with_tools() for OpenAI-compatible tool calling

Tools (16 total):
- 5 agent wrappers: SQL injection, XSS, auth bypass, SSRF, API fuzzer
- 11 new infra tools: DNS checker, DMARC checker, TLS analyzer,
  security headers, cookie analyzer, CSP analyzer, rate limit tester,
  console log detector, CORS checker, OpenAPI parser, recon
- ToolRegistry for tool lookup and LLM definition generation

Orchestrator:
- PentestOrchestrator with iterative tool-calling loop (max 50 rounds)
- Attack chain node recording per tool invocation
- SSE event broadcasting for real-time progress
- Strategy-aware system prompts (quick/comprehensive/targeted/aggressive/stealth)

API (9 endpoints):
- POST/GET /pentest/sessions, GET /pentest/sessions/:id
- POST /pentest/sessions/:id/chat, GET /pentest/sessions/:id/stream
- GET /pentest/sessions/:id/attack-chain, messages, findings
- GET /pentest/stats

Dashboard:
- Pentest dashboard with stat cards, severity distribution, session list
- Chat-based session page with split layout (chat + findings/attack chain)
- Inline tool execution indicators, auto-polling, new session modal
- Sidebar navigation item

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-11 19:23:21 +01:00
Sharang Parnerkar
4361e67703 fix: resolve cargo audit failures by updating tantivy, scraper, quinn-proto (#9)
Some checks failed
CI / Format (push) Successful in 3s
Details
CI / Clippy (push) Successful in 4m22s
Details
CI / Security Audit (push) Successful in 1m45s
Details
CI / Deploy Agent (push) Successful in 4s
Details
CI / Deploy MCP (push) Failing after 2s
Details
CI / Tests (push) Successful in 5m7s
Details
CI / Detect Changes (push) Successful in 7s
Details
CI / Deploy Dashboard (push) Successful in 3s
Details
CI / Deploy Docs (push) Has been skipped
Details
2026-03-10 14:05:24 +00:00
Sharang Parnerkar
42cabf0582 feat: rag-embedding-ai-chat (#1)
All checks were successful
CI / Format (push) Successful in 2s
Details
CI / Clippy (push) Successful in 2m56s
Details
CI / Security Audit (push) Successful in 1m25s
Details
CI / Tests (push) Successful in 3m57s
Details 
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #1
 2026-03-06 21:54:15 +00:00
Sharang Parnerkar
b18824db25 Add graph explorer components, API handlers, and dependency updates 
Adds code inspector, file tree components, graph visualization JS,
graph API handlers, sidebar navigation updates, and misc improvements.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 21:52:49 +01:00
Sharang Parnerkar
cea8f59e10 Add DAST, graph modules, toast notifications, and dashboard enhancements 
Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-04 13:53:50 +01:00