Adds /mcp-tokens page that lets a logged-in user mint, list, and
revoke bearer tokens for the MCP server. Stacks on #92 (which added
the agent endpoints + middleware) — once both land, the loop is
closed: a user can copy a token from the dashboard straight into
their Claude Desktop / Cursor / ChatGPT MCP config.

UX
- "Create Token" button → inline form with name input.
- On submit, server function calls `POST /api/v1/mcp-tokens`. The
  raw token is shown ONCE in a prominent yellow banner with a copy
  button and a "won't be shown again" warning, then the user
  dismisses it manually.
- List view: card per token with name, prefix `mcpt_xxxx…`, created
  date, last_used (or "never"). Revoked tokens render dimmed with a
  "revoked" pill. Active tokens have a trash button → confirm
  modal → soft delete.
- Toast feedback on create/revoke success/failure.

Files
- infrastructure/mcp_tokens.rs (new) — three #[server] functions:
  fetch_mcp_tokens, create_mcp_token, revoke_mcp_token. All go
  through agent_client so the Keycloak Bearer is auto-attached;
  the agent then enforces tenant scoping on every endpoint.
- pages/mcp_tokens.rs (new) — the page component itself.
- app.rs — adds Route::McpTokensPage at /mcp-tokens.
- pages/mod.rs, infrastructure/mod.rs — module + re-export wiring.

Timestamp format
- The agent serializes BSON DateTime as extended JSON
  `{"$date":{"$numberLong":"..."}}`. Page has a small helper that
  accepts that shape, plain ISO strings, or anything else
  (best-effort). Same approach used elsewhere in the dashboard so
  there's no new dependency.

Test plan
- cargo fmt --all clean
- cargo clippy -p compliance-dashboard --features server
  -- -D warnings clean
- cargo clippy -p compliance-dashboard --features web
  --no-default-features -- -D warnings clean
- cargo check on both feature sets clean

Followup
- No sidebar entry yet (matches mcp_servers — settings-style
  pages are reached via direct URL today). Worth adding a
  Settings sub-menu in a separate UX pass.
- Token expiry + per-tool scope when those land on the agent side
  will need a small UI for the create modal (extra fields).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
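
Added example, not part of the commit above or of the project's code: a std-only Rust sketch of the best-effort timestamp handling described under "Timestamp format", which reduces the extended-JSON shape and plain ISO strings to epoch milliseconds and passes anything else through unchanged. The names `Stamp`, `normalize` and `parse_iso_utc`, the choice to work on raw JSON text, and the sample values are assumptions made for illustration.

```rust
// Added example, not project code. Assumes the field arrives as raw JSON text.
#[derive(Debug, PartialEq)]
enum Stamp {
    Millis(i64), // recognised shape, as epoch milliseconds (UTC)
    Raw(String), // anything else, passed through for display as-is
}

/// Days since 1970-01-01 for a Gregorian calendar date.
fn days_from_civil(y: i64, m: i64, d: i64) -> i64 {
    let y = if m <= 2 { y - 1 } else { y };
    let (era, yoe) = (y.div_euclid(400), y.rem_euclid(400));
    let doy = (153 * ((m + 9) % 12) + 2) / 5 + d - 1;
    era * 146_097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719_468
}

/// Parses `YYYY-MM-DDTHH:MM:SS[.fff]Z`; every other form yields None.
fn parse_iso_utc(s: &str) -> Option<i64> {
    let (date, time) = s.strip_suffix('Z')?.split_once('T')?;
    let (hms, frac) = time.split_once('.').unwrap_or((time, "0"));
    if !frac.bytes().all(|b| b.is_ascii_digit()) { return None; }
    let mut d = date.split('-').map(|p| p.parse::<i64>().ok());
    let (y, mo, da) = (d.next()??, d.next()??, d.next()??);
    let mut t = hms.split(':').map(|p| p.parse::<i64>().ok());
    let (h, mi, se) = (t.next()??, t.next()??, t.next()??);
    let ok = (1..=12).contains(&mo) && (1..=31).contains(&da)
        && (0..=23).contains(&h) && (0..=59).contains(&mi) && (0..=59).contains(&se);
    if !ok { return None; }
    // Pad or truncate the fraction to exactly three digits (milliseconds).
    let ms = format!("{:0<3}", frac)[..3].parse::<i64>().ok()?;
    Some((days_from_civil(y, mo, da) * 86_400 + h * 3_600 + mi * 60 + se) * 1_000 + ms)
}

fn normalize(raw: &str) -> Stamp {
    const KEY: &str = "\"$numberLong\""; // from {"$date":{"$numberLong":"<ms>"}}
    let t = raw.trim();
    if let Some(i) = t.find(KEY) {
        let digits: String = t[i + KEY.len()..].chars()
            .skip_while(|c| matches!(*c, ':' | ' ' | '"'))
            .take_while(|c| c.is_ascii_digit() || *c == '-')
            .collect();
        if let Ok(ms) = digits.parse::<i64>() { return Stamp::Millis(ms); }
    }
    let s = t.trim_matches('"'); // a JSON string value still carries its quotes
    parse_iso_utc(s).map(Stamp::Millis).unwrap_or_else(|| Stamp::Raw(s.to_string()))
}

fn main() {
    let samples = [r#"{"$date":{"$numberLong":"1705314600000"}}"#, "2024-01-15T10:30:00Z", "never"];
    for v in samples { println!("{} -> {:?}", v, normalize(v)); } // constructed inputs
}
```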
New `compliance-mcp` crate providing a Model Context Protocol server
with 7 tools: list/get/summarize findings, list SBOM packages, SBOM
vulnerability report, list DAST findings, and DAST scan summary.
Supports stdio (local dev) and Streamable HTTP (deployment via MCP_PORT).
Includes Dockerfile, CI clippy check, and Coolify deploy job.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #5
Adds code inspector, file tree components, graph visualization JS,
graph API handlers, sidebar navigation updates, and misc improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Run cargo fmt on all crates
- Fix regex patterns using unsupported lookahead in patterns.rs
- Replace unwrap() calls with compile_regex() helper
- Fix never type fallback in GitHub tracker
- Fix redundant field name in findings page
- Allow enum_variant_names for Dioxus Route enum
- Fix &mut Vec -> &mut [T] clippy lint in sbom.rs
- Mark unused-but-intended APIs with #[allow(dead_code)]
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>