Replace expect() calls with let-else returns in SBOM download, use
strip_prefix() instead of manual slicing in extract_base_url, and
suppress too_many_arguments on server function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Auto-generate webhook_secret on repository creation (UUID-based)
- Webhook routes use per-repo URLs: /webhook/{platform}/{repo_id}
- Verify signatures using per-repo secret (not global env var)
- Dashboard proxies webhooks to agent (agent not exposed publicly)
- Edit modal shows webhook URL + secret for user to copy into Gitea
- Add webhook-config API endpoint to retrieve per-repo secret
- Add Gitea option to edit dialog tracker type dropdown
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add ability to configure issue tracker (GitHub, GitLab, Gitea, Jira) per
repository at creation time and edit later via PATCH endpoint. Includes
new Gitea tracker implementation, edit modal in dashboard, and
tracker_token field on the repository model.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New `compliance-mcp` crate providing a Model Context Protocol server
with 7 tools: list/get/summarize findings, list SBOM packages, SBOM
vulnerability report, list DAST findings, and DAST scan summary.
Supports stdio (local dev) and Streamable HTTP (deployment via MCP_PORT).
Includes Dockerfile, CI clippy check, and Coolify deploy job.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #5
Dioxus defaults to 127.0.0.1 which is unreachable from outside the
container. Hardcode 0.0.0.0 binding so reverse proxies can reach it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dashboard: OAuth2/OIDC login flow with PKCE, session-based auth middleware
protecting all server function endpoints, check-auth server function for
frontend auth state, login page gate in AppShell, user info in sidebar.
Agent API: JWT validation middleware using Keycloak JWKS endpoint,
conditionally enabled when KEYCLOAK_URL and KEYCLOAK_REALM are set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #2
Adds code inspector, file tree components, graph visualization JS,
graph API handlers, sidebar navigation updates, and misc improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Run cargo fmt on all crates
- Fix regex patterns using unsupported lookahead in patterns.rs
- Replace unwrap() calls with compile_regex() helper
- Fix never type fallback in GitHub tracker
- Fix redundant field name in findings page
- Allow enum_variant_names for Dioxus Route enum
- Fix &mut Vec -> &mut [T] clippy lint in sbom.rs
- Mark unused-but-intended APIs with #[allow(dead_code)]
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Feature-gate mongodb in compliance-core (optional, default on) so wasm
builds don't pull in tokio/mio via mongodb
- Use bson v2 directly for ObjectId types (wasm-compatible)
- Restructure dashboard infrastructure/mod.rs: server function modules
always compiled (for RPC stubs), server-only modules cfg-gated
- Remove reqwest from dashboard web feature (not needed, data flows
through server functions)
- Add .gitignore
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
