Sharang Parnerkar
fabd397478
fix: create CVE notifications during scan, fix help chat doc loading
...
CI / Check (pull_request) Successful in 10m4s
CI / Detect Changes (pull_request) Has been skipped
CI / Deploy Agent (pull_request) Has been skipped
CI / Deploy Dashboard (pull_request) Has been skipped
CI / Deploy Docs (pull_request) Has been skipped
CI / Deploy MCP (pull_request) Has been skipped
Bug fixes:
1. CVE notifications now created during scan pipeline (not just hourly)
- Previously, notifications were only created by the scheduled
monitor_cves job. Users with 4 CVE alerts saw 0 notifications.
- Now the scan pipeline (Stage 3) creates notifications immediately
when CVE alerts are discovered, with the same dedup logic.
2. Help chat doc context loading fixed for Docker/production
- Added HELP_DOCS_PATH env var for explicit doc root configuration
- Added fallback chain: env var → binary location → cwd → Docker paths
- Dockerfile.agent now copies README.md and docs/ into /app and sets
HELP_DOCS_PATH=/app so the help chat has doc context in production
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-30 14:14:55 +02:00
49d5cd4e0a
feat: hourly CVE alerting with notification bell and API ( #53 )
CI / Check (push) Has been skipped
CI / Detect Changes (push) Successful in 3s
CI / Deploy Agent (push) Successful in 2s
CI / Deploy Dashboard (push) Successful in 2s
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Successful in 2s
2026-03-30 10:39:39 +00:00
a8bb05d7b1
feat: add floating help chat widget, remove settings page ( #51 )
CI / Check (push) Has been skipped
CI / Detect Changes (push) Successful in 3s
CI / Deploy Agent (push) Successful in 3s
CI / Deploy Dashboard (push) Successful in 2s
CI / Deploy Docs (push) Successful in 2s
CI / Deploy MCP (push) Has been skipped
2026-03-30 08:05:29 +00:00
bae24f9cf8
fix: cascade-delete DAST targets, pentests, and downstream data on repo delete ( #50 )
CI / Check (push) Has been skipped
CI / Detect Changes (push) Successful in 4s
CI / Deploy Agent (push) Successful in 9s
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
2026-03-30 07:11:23 +00:00
dd53132746
feat: refine all LLM system prompts for precision and reduced false positives ( #49 )
CI / Check (push) Has been skipped
CI / Deploy Agent (push) Has been cancelled
CI / Deploy Dashboard (push) Has been cancelled
CI / Deploy Docs (push) Has been cancelled
CI / Deploy MCP (push) Has been cancelled
CI / Detect Changes (push) Has been cancelled
2026-03-30 07:11:17 +00:00
ff088f9eb4
feat: deduplicate code review findings across LLM passes ( #48 )
CI / Check (push) Has been skipped
CI / Detect Changes (push) Successful in 7s
CI / Deploy Agent (push) Successful in 2s
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
2026-03-29 20:38:52 +00:00
c461faa2fb
feat: pentest onboarding — streaming, browser automation, reports, user cleanup ( #16 )
...
CI / Check (push) Has been skipped
CI / Detect Changes (push) Successful in 7s
CI / Deploy Agent (push) Successful in 2s
CI / Deploy Dashboard (push) Successful in 2s
CI / Deploy Docs (push) Successful in 2s
CI / Deploy MCP (push) Successful in 2s
Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams.
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com >
Reviewed-on: #16
2026-03-17 20:32:20 +00:00
3bb690e5bb
refactor: modularize codebase and add 404 unit tests ( #13 )
CI / Format (push) Successful in 4s
CI / Clippy (push) Successful in 4m19s
CI / Security Audit (push) Successful in 1m44s
CI / Detect Changes (push) Successful in 5s
CI / Tests (push) Successful in 5m15s
CI / Deploy Agent (push) Successful in 2s
CI / Deploy Dashboard (push) Successful in 2s
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Successful in 2s
2026-03-13 08:03:45 +00:00
acc5b86aa4
feat: AI-driven automated penetration testing ( #12 )
CI / Clippy (push) Failing after 1m51s
CI / Security Audit (push) Successful in 2m1s
CI / Tests (push) Has been skipped
CI / Detect Changes (push) Has been skipped
CI / Deploy Agent (push) Has been skipped
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Format (push) Failing after 42s
CI / Deploy MCP (push) Has been skipped
2026-03-12 14:42:54 +00:00
491665559f
feat: per-repo issue tracker, Gitea support, PR review pipeline ( #10 )
CI / Security Audit (push) Has been cancelled
CI / Tests (push) Has been cancelled
CI / Detect Changes (push) Has been cancelled
CI / Deploy Agent (push) Has been cancelled
CI / Deploy Dashboard (push) Has been cancelled
CI / Deploy Docs (push) Has been cancelled
CI / Deploy MCP (push) Has been cancelled
CI / Clippy (push) Has been cancelled
CI / Format (push) Successful in 4s
2026-03-11 12:13:59 +00:00
Sharang Parnerkar
99983c51e3
feat: enhance tracing with field attributes and warn logging across all handlers
...
CI / Tests (push) Successful in 5m17s
CI / Detect Changes (push) Successful in 3s
CI / Deploy Agent (push) Successful in 3s
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
CI / Format (push) Successful in 4s
CI / Clippy (push) Successful in 4m38s
CI / Security Audit (push) Successful in 1m50s
Add repo_id, finding_id, and filter fields to tracing::instrument attributes
for better trace correlation in SigNoz. Replace all silently swallowed errors
(Err(_) => Vec::new()) with tracing::warn! logging across mod.rs, dast.rs,
graph.rs handlers. Add stage-level spans with .instrument() to pipeline
orchestrator for visibility into scan phases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 21:56:16 +01:00
Sharang Parnerkar
67d6a937ae
feat: add OpenTelemetry trace spans to all handlers and pipeline functions
...
CI / Clippy (push) Successful in 4m26s
CI / Security Audit (push) Successful in 1m46s
CI / Format (push) Successful in 4s
CI / Tests (push) Successful in 5m16s
CI / Detect Changes (push) Successful in 4s
CI / Deploy Agent (push) Successful in 3s
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
Add #[tracing::instrument(skip_all)] to 44 functions:
- 19 API handlers in mod.rs
- 3 chat handlers, 6 DAST handlers, 7 graph handlers
- 2 pipeline orchestrator functions
- 7 scanner functions (sbom, semgrep, gitleaks, cve, lint, patterns)
This generates trace spans for SigNoz visibility into request
latency, scan pipeline stages, and error tracking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 17:08:13 +01:00
daff5812a6
fix: SBOM multi-ecosystem support with correct package managers and licenses ( #8 )
CI / Format (push) Successful in 3s
CI / Clippy (push) Successful in 4m28s
CI / Security Audit (push) Failing after 1m52s
CI / Tests (push) Has been skipped
CI / Detect Changes (push) Has been skipped
CI / Deploy Agent (push) Has been skipped
CI / Deploy Dashboard (push) Has been skipped
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Has been skipped
2026-03-10 12:37:29 +00:00
46bf9de549
feat: findings refinement, new scanners, and deployment tooling ( #6 )
CI / Format (push) Successful in 3s
CI / Clippy (push) Successful in 4m3s
CI / Security Audit (push) Successful in 1m38s
CI / Tests (push) Successful in 4m44s
CI / Detect Changes (push) Successful in 2s
CI / Deploy Agent (push) Successful in 2s
CI / Deploy Dashboard (push) Successful in 2s
CI / Deploy Docs (push) Has been skipped
CI / Deploy MCP (push) Failing after 2s
2026-03-09 12:53:12 +00:00
0cb06d3d6d
feat: add Keycloak authentication for dashboard and API endpoints ( #2 )
...
CI / Format (push) Successful in 2s
CI / Security Audit (push) Has been cancelled
CI / Tests (push) Has been cancelled
CI / Clippy (push) Has been cancelled
Dashboard: OAuth2/OIDC login flow with PKCE, session-based auth middleware
protecting all server function endpoints, check-auth server function for
frontend auth state, login page gate in AppShell, user info in sidebar.
Agent API: JWT validation middleware using Keycloak JWKS endpoint,
conditionally enabled when KEYCLOAK_URL and KEYCLOAK_REALM are set.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com >
Reviewed-on: #2
2026-03-07 23:50:56 +00:00
42cabf0582
feat: rag-embedding-ai-chat ( #1 )
...
CI / Format (push) Successful in 2s
CI / Clippy (push) Successful in 2m56s
CI / Security Audit (push) Successful in 1m25s
CI / Tests (push) Successful in 3m57s
Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com >
Reviewed-on: #1
2026-03-06 21:54:15 +00:00
Sharang Parnerkar
b18824db25
Add graph explorer components, API handlers, and dependency updates
...
Adds code inspector, file tree components, graph visualization JS,
graph API handlers, sidebar navigation updates, and misc improvements.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-04 21:52:49 +01:00
Sharang Parnerkar
cea8f59e10
Add DAST, graph modules, toast notifications, and dashboard enhancements
...
Add DAST scanning and code knowledge graph features across the stack:
- compliance-dast and compliance-graph workspace crates
- Agent API handlers and routes for DAST targets/scans and graph builds
- Core models and traits for DAST and graph domains
- Dashboard pages for DAST targets/findings/overview and graph explorer/impact
- Toast notification system with auto-dismiss for async action feedback
- Button click animations and disabled states for better UX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-04 13:53:50 +01:00
Sharang Parnerkar
03ee69834d
Fix formatting and clippy warnings across workspace
...
CI / Format (push) Successful in 3s
CI / Clippy (push) Successful in 2m15s
CI / Security Audit (push) Successful in 1m34s
CI / Tests (push) Successful in 3m4s
- Run cargo fmt on all crates
- Fix regex patterns using unsupported lookahead in patterns.rs
- Replace unwrap() calls with compile_regex() helper
- Fix never type fallback in GitHub tracker
- Fix redundant field name in findings page
- Allow enum_variant_names for Dioxus Route enum
- Fix &mut Vec -> &mut [T] clippy lint in sbom.rs
- Mark unused-but-intended APIs with #[allow(dead_code)]
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-02 17:41:03 +01:00
Sharang Parnerkar
0867e401bc
Initial commit: Compliance Scanner Agent
...
Autonomous security and compliance scanning agent for git repositories.
Features: SAST (Semgrep), SBOM (Syft), CVE monitoring (OSV.dev/NVD),
GDPR/OAuth pattern detection, LLM triage, issue creation (GitHub/GitLab/Jira),
PR reviews, and Dioxus fullstack dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-02 13:30:17 +01:00
